Hi tech,
Check if cp->dev value is invalid prior to using it as an array index and only
then make the assignment si = &as->source_info[cp->dev].
This is mentioned in Coverity CID 1453243 and 1453334.
OK?
Index: ac97.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/ac97.c,v
retrieving revision 1.82
diff -u -p -u -r1.82 ac97.c
--- ac97.c 14 Sep 2016 06:12:19 -0000 1.82
+++ ac97.c 22 Aug 2017 08:03:36 -0000
@@ -1063,13 +1063,18 @@ int
ac97_mixer_set_port(struct ac97_codec_if *codec_if, mixer_ctrl_t *cp)
{
struct ac97_softc *as = (struct ac97_softc *)codec_if;
- struct ac97_source_info *si = &as->source_info[cp->dev];
+ struct ac97_source_info *si;
u_int16_t mask;
u_int16_t val, newval;
int error, spdif;
if (cp->dev < 0 || cp->dev >= as->num_source_info ||
- cp->type == AUDIO_MIXER_CLASS || cp->type != si->type)
+ cp->type == AUDIO_MIXER_CLASS)
+ return (EINVAL);
+
+ si = &as->source_info[cp->dev];
+
+ if (cp->type != si->type)
return (EINVAL);
spdif = si->req_feature == CHECK_SPDIF &&
@@ -1340,12 +1345,16 @@ int
ac97_mixer_get_port(struct ac97_codec_if *codec_if, mixer_ctrl_t *cp)
{
struct ac97_softc *as = (struct ac97_softc *)codec_if;
- struct ac97_source_info *si = &as->source_info[cp->dev];
+ struct ac97_source_info *si;
u_int16_t mask;
u_int16_t val;
- if (cp->dev < 0 || cp->dev >= as->num_source_info ||
- cp->type != si->type)
+ if (cp->dev < 0 || cp->dev >= as->num_source_info)
+ return (EINVAL);
+
+ si = &as->source_info[cp->dev];
+
+ if (cp->type != si->type)
return (EINVAL);
ac97_read(as, si->reg, &val);
