Date:	Fri, 2 Jan 2015 09:07:32 +0000
From:	Qais Yousef <qais.yousef@...tec.com>
To:	Mark Brown <broonie@...nel.org>
CC:	<alsa-devel@...a-project.org>, Vinod Koul <vinod.koul@...el.com>,
	"Liam Girdwood" <lgirdwood@...il.com>,
	Jaroslav Kysela <perex@...ex.cz>,
	"Takashi Iwai" <tiwai@...e.de>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ALSA: ASoC: soc-compress.c: fix NULL dereference

On 12/29/2014 04:13 PM, Mark Brown wrote:
> On Tue, Dec 23, 2014 at 09:09:27AM +0000, Qais Yousef wrote:
>> In soc_new_compress() when rtd->dai_link->dynamic is set, we create the pcm
>> substreams with this call:
>>
>>     ret = snd_pcm_new_internal(rtd->card->snd_card, new_name, num,
>>                                     1, 0, &be_pcm);
>>
>> which passes 0 as capture_count leading to
>>
>>     be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream
>>
>> being NULL, hence when trying to set rtd a few lines below we get an oops.
>> Fix by removing this line of code since CAPTURE substream will always be NULL.
> Why will the capture stream always be NULL?  There should be no
> intrinsic reason why we can't have hardware support for capturing
> compressed audio.

I think because we pass 0 as capture_count in snd_pcm_new_internal(). If
I read the code correctly this will lead to _snd_pcm_new() being called,
which in turn will call snd_pcm_new_stream(pcm,
SNDRV_PCM_STREAM_CAPTURE, capture_count), which will cause no substream
to be allocated for the capture case, hence being NULL. I get an oops in
my experimental driver when I set dynamic = 1 in FE dai link. If I did
something wrong there that caused this, it's not obvious to me how.

Maybe a better fix would be to replace the 1 and 0 in the
snd_pcm_new_internal() call with rtd->dai_link->dpcm_playback and
rtd->dai_link->dpcm_capture.
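
A userspace model of the failure described in this message, added here as an example and not taken from the kernel or from the patch under discussion. It passes per-direction flags as the stream counts, as the message suggests; the `model_*` names, the bitmask return value, and the NULL check before the write are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: these names are hypothetical, not kernel definitions. */
enum { DIR_PLAYBACK = 0, DIR_CAPTURE = 1, DIR_COUNT = 2 };
struct model_substream { void *private_data; };
struct model_pcm { struct model_substream *substream[DIR_COUNT]; };

/* As described in the message: a count of 0 allocates nothing, so the
 * substream pointer for that direction stays NULL. */
static int model_new_stream(struct model_pcm *pcm, int dir, int count)
{
    pcm->substream[dir] = NULL;
    if (count == 0)
        return 0;
    pcm->substream[dir] = calloc(1, sizeof(*pcm->substream[dir]));
    return pcm->substream[dir] ? 0 : -1;
}

/* Create each direction from its flag and attach rtd only where a substream
 * exists. Returns a bitmask of directions set, or -1 if allocation fails. */
static int model_attach_rtd(int playback, int capture, void *rtd)
{
    struct model_pcm pcm = { { NULL, NULL } };
    int counts[DIR_COUNT] = { playback ? 1 : 0, capture ? 1 : 0 };
    int mask = 0;

    for (int dir = 0; dir < DIR_COUNT; dir++) {
        if (model_new_stream(&pcm, dir, counts[dir]) != 0) {
            mask = -1;
            break;
        }
        if (pcm.substream[dir]) {   /* guard against the NULL direction */
            pcm.substream[dir]->private_data = rtd;
            mask |= 1 << dir;
        }
    }
    for (int dir = 0; dir < DIR_COUNT; dir++)
        free(pcm.substream[dir]);
    return mask;
}

int main(void)
{
    int rtd = 0; /* constructed stand-in for the rtd pointer */
    printf("playback only -> mask %d\n", model_attach_rtd(1, 0, &rtd));
    return 0;
}
```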