| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jun 2019 11:22:50 +0200
From: Takashi Iwai <tiwai@...e.de>
To: "Colin Ian King" <colin.king@...onical.com>
Cc: <alsa-devel@...a-project.org>, "Jaroslav Kysela" <perex@...ex.cz>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: static analysis bug report: ALSA: swapped client and port arguments in calls to snd_seq_oss_fill_addr
On Thu, 27 Jun 2019 16:01:40 +0200,
Colin Ian King wrote:
>
> Hi there,
>
> Static analysis with Coverity has picked up two potential issues with
> the call to function snd_seq_oss_fill_addr. The prototype of
> snd_seq_oss_fill_addr is as follows:
>
> static inline void
> snd_seq_oss_fill_addr(struct seq_oss_devinfo *dp, struct snd_seq_event
> *ev,int dest_client, int dest_port)
>
>
> However, in sound/core/seq/oss/seq_oss_ioctl.c in function
> snd_seq_oss_oob_user it is being called as follows:
>
> snd_seq_oss_fill_addr(dp, &tmpev, dp->addr.port, dp->addr.client);
>
> and also in sound/core/seq/oss/seq_oss_rw.c in function is it also being
> called as follows:
>
> snd_seq_oss_fill_addr(dp, &event, dp->addr.port, dp->addr.client);
>
> ..as one can see, in both cases the port and client arguments are
> swapped compared to the function prototype. I doubt this is intentional
> but you never know. Are these bugs?
That's a clear bug, the order should be (client, port), so it's bugs
in the caller side. They are rare use case, so probably no one really
hits or is annoyed -- the latter is a note-off just to be sure, and
the former is a special ioctl probably that has been never used :)
In anyway, would you send me a fix patch?
Thanks!
Takashi
>
> Colin
>
Powered by blists - more mailing lists