ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array

The code uses the initialised member of the asoc_sdw_dailink struct to
determine if a member of the array is in use. However in the case the
array is completely full this will lead to an access 1 past the end of
the array, expand the array by one entry to include a space for a
terminator.

Fixes: 27fd36aefa00 ("ASoC: Intel: sof-sdw: Add new code for parsing the snd_soc_acpi structs")
Reviewed-by: Bard Liao <[email protected]>
Reviewed-by: Péter Ujfalusi <[email protected]>
Signed-off-by: Charles Keepax <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Mark Brown <[email protected]>

diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c
index 810be7c949a5cea04a56dbb13507d80a6540678d..f3369e569abc47b8a807a0f7e32163414859035a 100644 (file)
--- a/sound/soc/intel/boards/sof_sdw.c
+++ b/sound/soc/intel/boards/sof_sdw.c
@@ -1067,8 +1067,12 @@ static int sof_card_dai_links_create(struct snd_soc_card *card)
                return ret;
        }
 
-       /* One per DAI link, worst case is a DAI link for every endpoint */
-       sof_dais = kcalloc(num_ends, sizeof(*sof_dais), GFP_KERNEL);
+       /*
+        * One per DAI link, worst case is a DAI link for every endpoint, also
+        * add one additional to act as a terminator such that code can iterate
+        * until it hits an uninitialised DAI.
+        */
+       sof_dais = kcalloc(num_ends + 1, sizeof(*sof_dais), GFP_KERNEL);
        if (!sof_dais)
                return -ENOMEM;