From b49414ea5da073042aab753a4fd9fd05fa5bb8d5 Mon Sep 17 00:00:00 2001 From: Caleb Connolly Date: Tue, 2 Nov 2021 18:56:21 +0000 Subject: mixer: fix index underflow when index=0 In mixer_get_ctl_by_name_and_index(), the post-fix decrement means that the index will be decremented after the comparison, but before the return, leading to an unsigned integer underflow. This causes a crash on platforms with -fsanitize=integer enabled. Fix this by avoiding decrementing index until after the return. Change-Id: I25a17ced4185bdebd500285bd30b342b16b4ac12
---
 src/mixer.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'src/mixer.c')
diff --git a/src/mixer.c b/src/mixer.c
index 5581e5d..b4d96fd 100644
--- a/src/mixer.c
+++ b/src/mixer.c
@@ -732,9 +732,13 @@ struct mixer_ctl *mixer_get_ctl_by_name_and_index(struct mixer *mixer,
 ctl = grp->ctl;
 for (n = 0; n < grp->count; n++)
- if (!strcmp(name, (char*) ctl[n].info.id.name))
- if (index-- == 0)
+ if (!strcmp(name, (char*) ctl[n].info.id.name)) {
+ if (index == 0) {
 return ctl + n;
+ } else {
+ index--;
+ }
+ }
 }
 #ifdef TINYALSA_USES_PLUGINS
@@ -743,9 +747,13 @@ struct mixer_ctl *mixer_get_ctl_by_name_and_index(struct mixer *mixer,
 ctl = grp->ctl;
 for (n = 0; n < grp->count; n++)
- if (!strcmp(name, (char*) ctl[n].info.id.name))
- if (index-- == 0)
+ if (!strcmp(name, (char*) ctl[n].info.id.name)) {
+ if (index == 0) {
 return ctl + n;
+ } else {
+ index--;
+ }
+ }
 }
 #endif
 return NULL;
-- cgit v1.2.3
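Review bot: The `for (n = 0; n < grp->count; n++)` line in both hunks still has no braces although its body now spans seven lines, and nothing in the code records why the decrement was moved out of the comparison, so a later tidy-up could fold it back into `if (index-- == 0)`. I would brace the loop and put `/* index is unsigned: decrement only on a non-final match so it never wraps below 0 */` above `if (index == 0) {`. Unsigned wrap-around is well-defined in C and the wrapped value appears never to be read, since the function returns immediately, so this looks like a sanitizer-cleanliness fix rather than a memory-safety one; saying so in the comment would help triage. The same applies to the second hunk under `#ifdef TINYALSA_USES_PLUGINS`, and the enclosing function starts and ends outside both hunks.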