coverity.com fixes - initial round

This commit tries to fix a bunch of issues found
by coverity.com.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>

src/topology/builder.c

@@ -220,13 +220,10 @@ static ssize_t write_manifest_data(snd_tplg_t *tplg)
 		return ret;
 	}
 
-	tplg_log(tplg, 'B', tplg->bin_pos, "manifest: write %d bytes",
-		 sizeof(tplg->manifest));
+	tplg_log(tplg, 'B', tplg->bin_pos, "manifest: write %zu bytes", sizeof(tplg->manifest));
 	ret = twrite(tplg, &tplg->manifest, sizeof(tplg->manifest));
 	if (ret >= 0) {
-		tplg_log(tplg, 'B', tplg->bin_pos,
-			 "manifest: write %d priv bytes",
-			 tplg->manifest.priv.size);
+		tplg_log(tplg, 'B', tplg->bin_pos, "manifest: write %d priv bytes", tplg->manifest.priv.size);
 		ret = twrite(tplg, tplg->manifest_pdata, tplg->manifest.priv.size);
 	}
 	return ret;

src/topology/ctl.c

@@ -1111,7 +1111,7 @@ int tplg_add_enum(snd_tplg_t *tplg, struct snd_tplg_enum_template *enum_ctl,
 			if (enum_ctl->values[i] == NULL)
 				continue;
 
-			memcpy(&ec->values[i * sizeof(int) * ENUM_VAL_SIZE],
+			memcpy(&ec->values[i * ENUM_VAL_SIZE],
 				enum_ctl->values[i],
 				sizeof(int) * ENUM_VAL_SIZE);
 		}

src/topology/dapm.c

@@ -329,9 +329,9 @@ done:
 	buf[i] = 0;
 	source = &buf[i + 2];
 
-	strcpy(line->source, source);
-	strcpy(line->control, control);
-	strcpy(line->sink, sink);
+	snd_strlcpy(line->source, source, sizeof(line->source));
+	snd_strlcpy(line->control, control, sizeof(line->source));
+	snd_strlcpy(line->sink, sink, sizeof(line->source));
 	return 0;
 }
 

src/topology/data.c

@@ -461,8 +461,7 @@ static int copy_data_hex(char *data, int off, const char *str, int width)
 	return 0;
 }
 
-static int tplg_parse_data_hex(snd_config_t *cfg, struct tplg_elem *elem,
-	int width)
+static int tplg_parse_data_hex(snd_config_t *cfg, struct tplg_elem *elem, unsigned int width)
 {
 	struct snd_soc_tplg_private *priv;
 	const char *value = NULL;
@@ -471,11 +470,14 @@ static int tplg_parse_data_hex(snd_config_t *cfg, struct tplg_elem *elem,
 
 	tplg_dbg(" data: %s", elem->id);
 
+	if (width > 4)
+		return -EINVAL;
+
 	if (snd_config_get_string(cfg, &value) < 0)
 		return -EINVAL;
 
 	num = get_hex_num(value);
-	if (num <= 0) {
+	if (num <= 0 || num > 16384) {
 		snd_error(TOPOLOGY, "malformed hex variable list %s", value);
 		return -EINVAL;
 	}
@@ -483,14 +485,16 @@ static int tplg_parse_data_hex(snd_config_t *cfg, struct tplg_elem *elem,
 	size = num * width;
 	priv = elem->data;
 
-	if (size > TPLG_MAX_PRIV_SIZE) {
-		snd_error(TOPOLOGY, "data too big %d", size);
+	if (size < 0 || size > TPLG_MAX_PRIV_SIZE) {
+		snd_error(TOPOLOGY, "data too big %u", (unsigned int)size);
 		return -EINVAL;
 	}
 
 	if (priv != NULL) {
 		off = priv->size;
-		esize = elem->size + size;
+		if (off > 1024*1024)
+			return -ENOMEM;
+		esize = off + size;
 		priv = realloc(priv, esize);
 	} else {
 		off = 0;
@@ -1696,7 +1700,7 @@ static int tplg_verify_tuple_set(snd_tplg_t *tplg, size_t pos,
 	j = tplg_get_tuple_size(va->type) * va->num_elems;
 	if (j + sizeof(*va) != va->size) {
 		tplg_log(tplg, 'A', pos, "tuple set verify: wrong vendor array size %d "
-			 "(expected %d for %d count %d)",
+			 "(expected %zu for %d count %d)",
 			 va->size, j + sizeof(*va), va->type, va->num_elems);
 		return -EINVAL;
 	}

src/topology/ops.c

@@ -91,6 +91,8 @@ int tplg_parse_ops(snd_tplg_t *tplg ATTRIBUTE_UNUSED, snd_config_t *cfg,
 			if (snd_config_get_string(n, &value) < 0)
 				continue;
 			ival = lookup_ops(value);
+			if (ival < 0)
+				return ival;
 		} else {
 			if (tplg_get_integer(n, &ival, 0))
 				continue;
@@ -176,6 +178,8 @@ int tplg_parse_ext_ops(snd_tplg_t *tplg ATTRIBUTE_UNUSED,
 			if (snd_config_get_string(n, &value) < 0)
 				continue;
 			ival = lookup_ops(value);
+			if (ival < 0)
+				return ival;
 		} else {
 			if (tplg_get_integer(n, &ival, 0))
 				continue;