lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150113145931.GD3085@intel.com>
Date:	Tue, 13 Jan 2015 20:29:31 +0530
From:	Vinod Koul <vinod.koul@...el.com>
To:	Qais Yousef <qais.yousef@...tec.com>
Cc:	alsa-devel@...a-project.org, Liam Girdwood <lgirdwood@...il.com>,
	Mark Brown <broonie@...nel.org>,
	Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.de>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] ALSA: ASoC: soc-compress.c: fix NULL dereference

On Tue, Jan 13, 2015 at 11:18:53AM +0000, Qais Yousef wrote:
> In soc_new_compress() when rtd->dai_link->daynmic is set, we create the pcm
					   ^^^^^^^^
typo
> substreams with this call:
> 
>    ret = snd_pcm_new_internal(rtd->card->snd_card, new_name, num,
>                                    1, 0, &be_pcm);
> 
> which passes 0 as capture_count leading to
> 
>    be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream
> 
> being NULL, hence when trying to set rtd a few lines below we get an oops.
It is a good practice to add the oops here

> 
> Fix by using rtd->dai_link->dpcm_playback and rtd->dai_link->dpcm_capture as
> playback_count and capture_count to snd_pcm_new_internal().
> 
> Signed-off-by: Qais Yousef <qais.yousef@...tec.com>
> Cc: Vinod Koul <vinod.koul@...el.com>
> Cc: Liam Girdwood <lgirdwood@...il.com>
> Cc: Mark Brown <broonie@...nel.org>
> Cc: Jaroslav Kysela <perex@...ex.cz>
> Cc: Takashi Iwai <tiwai@...e.de>
> Cc: linux-kernel@...r.kernel.org
> ---
> v2->v1:
>    - use better way to fix it than just removing the line that caused the oops
> 
>  sound/soc/soc-compress.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/sound/soc/soc-compress.c b/sound/soc/soc-compress.c
> index 590a82f01d0b..27a668463ad7 100644
> --- a/sound/soc/soc-compress.c
> +++ b/sound/soc/soc-compress.c
> @@ -659,7 +659,8 @@ int soc_new_compress(struct snd_soc_pcm_runtime *rtd, int num)
>  			rtd->dai_link->stream_name);
>  
>  		ret = snd_pcm_new_internal(rtd->card->snd_card, new_name, num,
> -				1, 0, &be_pcm);
> +				rtd->dai_link->dpcm_playback,
> +				rtd->dai_link->dpcm_capture, &be_pcm);
>  		if (ret < 0) {
>  			dev_err(rtd->card->dev, "ASoC: can't create compressed for %s\n",
>  				rtd->dai_link->name);
> @@ -668,8 +669,10 @@ int soc_new_compress(struct snd_soc_pcm_runtime *rtd, int num)
>  
>  		rtd->pcm = be_pcm;
>  		rtd->fe_compr = 1;
> -		be_pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream->private_data = rtd;
> -		be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream->private_data = rtd;
> +		if (rtd->dai_link->dpcm_playback)
> +			be_pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream->private_data = rtd;
> +		if (rtd->dai_link->dpcm_capture)
this should be else if, as for compressed device we can have playback or
capture not both

> +			be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream->private_data = rtd;
>  		memcpy(compr->ops, &soc_compr_dyn_ops, sizeof(soc_compr_dyn_ops));
>  	} else
>  		memcpy(compr->ops, &soc_compr_ops, sizeof(soc_compr_ops));
> -- 
> 2.1.0
> 

-- 
~Vinod
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ