| 
									
										
										
										
											2005-04-16 15:20:36 -07:00
										 /*
										  * Entry points of the generic MIDI synth layer. Every function takes
										  * the device index as its first argument.
										  *
										  * midi_synth_ioctl: arg is annotated __user, so it names user-space
										  * memory and must go through the user-copy helpers rather than being
										  * dereferenced directly.
										  * midi_synth_hw_control: event is passed without an explicit length in
										  * this signature.
										  */
										 int midi_synth_open(int dev, int mode);
										 void midi_synth_close(int dev);
										 void midi_synth_reset(int dev);
										 int midi_synth_ioctl(int dev, unsigned int cmd, void __user *arg);
										 void midi_synth_hw_control(int dev, unsigned char *event);
										 int midi_synth_set_instr(int dev, int channel, int instr_no);
										 int midi_synth_start_note(int dev, int channel, int note, int volume);
										 int midi_synth_kill_note(int dev, int channel, int note, int velocity);
					
						
							|  |  |  | int midi_synth_load_patch (int dev, int format, const char __user * addr, | 
					
						
							| 
									
										
										
											
												sound/oss: remove offset from load_patch callbacks
Was: [PATCH] sound/oss/midi_synth: prevent underflow, use of
uninitialized value, and signedness issue
The offset passed to midi_synth_load_patch() can be essentially
arbitrary.  If it's greater than the header length, this will result in
a copy_from_user(dst, src, negative_val).  While this will just return
-EFAULT on x86, on other architectures this may cause memory corruption.
Additionally, the length field of the sysex_info structure may not be
initialized prior to its use.  Finally, a signed comparison may result
in an unintentionally large loop.
On suggestion by Takashi Iwai, version two removes the offset argument
from the load_patch callbacks entirely, which also resolves similar
issues in opl3.  Compile tested only.
v3 adjusts comments and hopefully gets copy offsets right.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
											
										 
											2011-03-23 10:53:41 -04:00
										 |  |  | 		 int count, int pmgr_flag); | 
					
						
							| 
									
										
										
										
											2005-04-16 15:20:36 -07:00
										 /*
										  * Per-channel and per-voice control messages, plus raw sysex output.
										  * All of them take the device index first.
										  *
										  * NOTE(review): midi_synth_send_sysex() receives its length as a signed
										  * int; presumably bytes points at len bytes. Confirm that the
										  * implementation rejects negative or oversized values.
										  */
										 void midi_synth_aftertouch(int dev, int channel, int pressure);
										 void midi_synth_panning(int dev, int channel, int pressure);
										 void midi_synth_controller(int dev, int channel, int ctrl_num, int value);
										 void midi_synth_bender(int dev, int chn, int value);
										 void midi_synth_setup_voice(int dev, int voice, int chn);
										 int midi_synth_send_sysex(int dev, unsigned char *bytes, int len);
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #ifndef _MIDI_SYNTH_C_
 | 
					
						
							/*
							 * Default synth_info record used by the generic MIDI synth.
							 *
							 * The initializer is positional: each value binds to the members of
							 * struct synth_info in declaration order. That declaration is not part
							 * of this header, so check it before adding, removing or reordering
							 * values here.
							 */
							static struct synth_info std_synth_info = {
								MIDI_SYNTH_NAME,
								0,
								SYNTH_TYPE_MIDI,
								0,
								0,
								128,
								0,
								128,
								MIDI_SYNTH_CAPS,
							};
					
						
							|  |  |  | 
 | 
					
						
							/*
							 * Default operations table for the generic MIDI synth. Each callback
							 * slot is wired to the midi_synth_* function of the same name declared
							 * earlier in this header.
							 *
							 * The object is static and sits inside the #ifndef _MIDI_SYNTH_C_
							 * guard, so every translation unit that includes this header without
							 * that macro defined gets its own private copy.
							 *
							 * The .ioctl and .load_patch handlers are declared with __user pointer
							 * parameters, so they are the slots in this table that receive
							 * user-space addresses.
							 */
							static struct synth_operations std_midi_synth = {
								/* identity */
								.owner = THIS_MODULE,
								.id = "MIDI",
								.info = &std_synth_info,
								.midi_dev = 0,
								.synth_type = SYNTH_TYPE_MIDI,
								.synth_subtype = 0,

								/* device lifecycle and control */
								.open = midi_synth_open,
								.close = midi_synth_close,
								.reset = midi_synth_reset,
								.ioctl = midi_synth_ioctl,
								.hw_control = midi_synth_hw_control,

								/* notes, instruments and voices */
								.start_note = midi_synth_start_note,
								.kill_note = midi_synth_kill_note,
								.set_instr = midi_synth_set_instr,
								.setup_voice = midi_synth_setup_voice,

								/* channel controllers */
								.aftertouch = midi_synth_aftertouch,
								.controller = midi_synth_controller,
								.panning = midi_synth_panning,
								.bender = midi_synth_bender,

								/* patch loading and raw sysex output */
								.load_patch = midi_synth_load_patch,
								.send_sysex = midi_synth_send_sysex,
							};
					
						
							|  |  |  | #endif
 |