From f0f3c5e4c04d8645547bc1d06980093187bd7e7b Mon Sep 17 00:00:00 2001
From: Mark Brown <broonie@kernel.org>
Date: Sat, 22 Jun 2024 08:27:31 +0000
Subject: [PATCH] ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()

stable inclusion
from stable-v4.19.228
commit 7659f25a80e6affb784b690df8994b79b4212fd4
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA72KY
CVE: CVE-2022-48736

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7659f25a80e6affb784b690df8994b79b4212fd4

--------------------------------

commit 4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d upstream.

We don't currently validate that the values being set are within the range
we advertised to userspace as being valid, do so and reject any values
that are out of range.

Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220124153253.3548853-4-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Liu Chuang <liuchuang40@huawei.com>
---
 sound/soc/soc-ops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
index f4dc3d445aae..456116ec1736 100644
--- a/sound/soc/soc-ops.c
+++ b/sound/soc/soc-ops.c
@@ -889,6 +889,8 @@ int snd_soc_put_xr_sx(struct snd_kcontrol *kcontrol,
 	unsigned int i, regval, regmask;
 	int err;
 
+	if (val < mc->min || val > mc->max)
+		return -EINVAL;
 	if (invert)
 		val = max - val;
 	val &= mask;
-- 
Gitee