lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <s5hd0iy6p3p.wl-tiwai@suse.de>
Date:   Fri, 28 Jun 2019 11:22:50 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     "Colin Ian King" <colin.king@...onical.com>
Cc:     <alsa-devel@...a-project.org>, "Jaroslav Kysela" <perex@...ex.cz>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: static analysis bug report: ALSA: swapped client and port arguments in calls to snd_seq_oss_fill_addr

On Thu, 27 Jun 2019 16:01:40 +0200,
Colin Ian King wrote:
> 
> Hi there,
> 
> Static analysis with Coverity has picked up two potential issues with
> the call to function snd_seq_oss_fill_addr. The prototype of
> snd_seq_oss_fill_addr is as follows:
> 
> static inline void
> snd_seq_oss_fill_addr(struct seq_oss_devinfo *dp, struct snd_seq_event
> *ev,int dest_client, int dest_port)
> 
> 
> However, in sound/core/seq/oss/seq_oss_ioctl.c in function
> snd_seq_oss_oob_user it is being called as follows:
> 
> 	 snd_seq_oss_fill_addr(dp, &tmpev, dp->addr.port, dp->addr.client);
> 
> and also in sound/core/seq/oss/seq_oss_rw.c in function is it also being
> called as follows:
> 
> 	snd_seq_oss_fill_addr(dp, &event, dp->addr.port, dp->addr.client);
> 
> ..as one can see, in both cases the port and client arguments are
> swapped compared to the function prototype.  I doubt this is intentional
> but you never know. Are these bugs?

That's a clear bug, the order should be (client, port), so it's bugs
in the caller side.  They are rare use case, so probably no one really
hits or is annoyed -- the latter is a note-off just to be sure, and
the former is a special ioctl probably that has been never used :)

In anyway, would you send me a fix patch?


Thanks!

Takashi

> 
> Colin
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ