lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Dec 2014 13:20:26 +0000
From:	Mark Brown <broonie@...nel.org>
To:	Kevin Strasser <kevin.strasser@...el.com>
Cc:	alsa-devel@...a-project.org, Liam Girdwood <lgirdwood@...il.com>,
	Vinod Koul <vinod.koul@...el.com>,
	Mengdong Lin <mengdong.lin@...el.com>,
	Yang Fang <yang.a.fang@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ASoC: Intel: fix possible acpi enumeration panic

On Wed, Dec 10, 2014 at 11:21:57PM -0800, Kevin Strasser wrote:

> A crash can occur on some platforms where adsp is enumerated but codec
> is not matched. Check that the codec_id string is valid before
> attempting to match.

> -	for (mach = machines; mach->codec_id; mach++)
> +	for (mach = machines; mach->codec_id[0]; mach++)

This changes the check from verifying if a codec_id is present to
verifying if the first character in the codec_id is non-NULL.  That
doesn't seem obviously safer and the tables of machines seem to be
terminated by having an entry with all fields set to zero (which is
a common idiom in Linux) which would now crash with this change.

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ