85c50a5899
The "dev" variable could be out of bounds. Calling snd_seq_oss_synth_is_valid() checks that it is is a valid device which has been opened. We check this inside set_note_event() so this function can't succeed without a valid "dev". But we need to do the check earlier to prevent invalid dereferences and memory corruption. One call tree where "dev" could be out of bounds is: -> snd_seq_oss_oob_user() -> snd_seq_oss_process_event() -> extended_event() -> note_on_event() Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
---|---|---|
.. | ||
oss | ||
Kconfig | ||
Makefile | ||
seq_clientmgr.c | ||
seq_clientmgr.h | ||
seq_compat.c | ||
seq_device.c | ||
seq_dummy.c | ||
seq_fifo.c | ||
seq_fifo.h | ||
seq_info.c | ||
seq_info.h | ||
seq_lock.c | ||
seq_lock.h | ||
seq_memory.c | ||
seq_memory.h | ||
seq_midi_emul.c | ||
seq_midi_event.c | ||
seq_midi.c | ||
seq_ports.c | ||
seq_ports.h | ||
seq_prioq.c | ||
seq_prioq.h | ||
seq_queue.c | ||
seq_queue.h | ||
seq_system.c | ||
seq_system.h | ||
seq_timer.c | ||
seq_timer.h | ||
seq_virmidi.c | ||
seq.c |