lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Dec 2014 09:09:27 +0000
From:	Qais Yousef <qais.yousef@...tec.com>
To:	<alsa-devel@...a-project.org>
CC:	Qais Yousef <qais.yousef@...tec.com>,
	Vinod Koul <vinod.koul@...el.com>,
	Liam Girdwood <lgirdwood@...il.com>,
	Mark Brown <broonie@...nel.org>,
	Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.de>,
	<linux-kernel@...r.kernel.org>
Subject: [PATCH] ALSA: ASoC: soc-compress.c: fix NULL dereference

In soc_new_compress() when rtd->dai_link->daynmic is set, we create the pcm
substreams with this call:

   ret = snd_pcm_new_internal(rtd->card->snd_card, new_name, num,
                                   1, 0, &be_pcm);

which passes 0 as capture_count leading to

   be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream

being NULL, hence when trying to set rtd a few lines below we get an oops.
Fix by removing this line of code since CAPTURE substream will always be NULL.

Signed-off-by: Qais Yousef <qais.yousef@...tec.com>
Cc: Vinod Koul <vinod.koul@...el.com>
Cc: Liam Girdwood <lgirdwood@...il.com>
Cc: Mark Brown <broonie@...nel.org>
Cc: Jaroslav Kysela <perex@...ex.cz>
Cc: Takashi Iwai <tiwai@...e.de>
Cc: linux-kernel@...r.kernel.org
---
Not sure if this is the correct fix but that's what I could come up with my
limited knowledge.

I think the more correct solution would be to use the value of
rtd->dai_link->dpcm_playback and rtd->dai_link->dpcm_capture in the args of
snd_pcm_new_internal() for playback_count and capture_count.

 sound/soc/soc-compress.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sound/soc/soc-compress.c b/sound/soc/soc-compress.c
index 590a82f01d0b..7ab39f65384c 100644
--- a/sound/soc/soc-compress.c
+++ b/sound/soc/soc-compress.c
@@ -669,7 +669,6 @@ int soc_new_compress(struct snd_soc_pcm_runtime *rtd, int num)
 		rtd->pcm = be_pcm;
 		rtd->fe_compr = 1;
 		be_pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream->private_data = rtd;
-		be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream->private_data = rtd;
 		memcpy(compr->ops, &soc_compr_dyn_ops, sizeof(soc_compr_dyn_ops));
 	} else
 		memcpy(compr->ops, &soc_compr_ops, sizeof(soc_compr_ops));
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ