The "dev" variable could be out of bounds.  Calling
snd_seq_oss_synth_is_valid() checks that it is is a valid device
which has been opened.  We check this inside set_note_event() so
this function can't succeed without a valid "dev".  But we need to
do the check earlier to prevent invalid dereferences and memory
corruption.

One call tree where "dev" could be out of bounds is:
-> snd_seq_oss_oob_user()
   -> snd_seq_oss_process_event()
      -> extended_event()
         -> note_on_event()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>