| Message ID | 1405612854-10638-2-git-send-email-luis.henriques@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/sound/core/control.c b/sound/core/control.c index acd92ffb2bc2..8b1f46c68a86 100644 --- a/sound/core/control.c +++ b/sound/core/control.c @@ -333,6 +333,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) if (snd_BUG_ON(!card || !kcontrol->info)) goto error; id = kcontrol->id; + if (id.index > UINT_MAX - kcontrol->count) + goto error; + down_write(&card->controls_rwsem); if (snd_ctl_find_id(card, &id)) { up_write(&card->controls_rwsem);