ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array

The code uses the initialised member of the asoc_sdw_dailink struct to
determine if a member of the array is in use. However in the case the
array is completely full this will lead to an access 1 past the end of
the array, expand the array by one entry to include a space for a
terminator.

Fixes: 27fd36aefa00 ("ASoC: Intel: sof-sdw: Add new code for parsing the snd_soc_acpi structs")
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://patch.msgid.link/20241212105742.1508574-1-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>

diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c
index 810be7c949a5cea04a56dbb13507d80a6540678d..f3369e569abc47b8a807a0f7e32163414859035a 100644 (file)
--- a/sound/soc/intel/boards/sof_sdw.c
+++ b/sound/soc/intel/boards/sof_sdw.c
@@ -1067,8 +1067,12 @@ static int sof_card_dai_links_create(struct snd_soc_card *card)
                return ret;
        }
 
-       /* One per DAI link, worst case is a DAI link for every endpoint */
-       sof_dais = kcalloc(num_ends, sizeof(*sof_dais), GFP_KERNEL);
+       /*
+        * One per DAI link, worst case is a DAI link for every endpoint, also
+        * add one additional to act as a terminator such that code can iterate
+        * until it hits an uninitialised DAI.
+        */
+       sof_dais = kcalloc(num_ends + 1, sizeof(*sof_dais), GFP_KERNEL);
        if (!sof_dais)
                return -ENOMEM;