| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <s5h1roey8vl.wl-tiwai@suse.de>
Date: Thu, 23 Apr 2020 09:11:10 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Xiyu Yang <xiyuyang19@...an.edu.cn>
Cc: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
Xin Tan <tanxin.ctf@...il.com>,
"Geoffrey D. Bennett" <g@...vu>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Colin Ian King <colin.king@...onical.com>,
Thomas Gleixner <tglx@...utronix.de>,
Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>,
alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
yuanxzhang@...an.edu.cn, kjlu@....edu
Subject: Re: [PATCH] ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
On Thu, 23 Apr 2020 06:54:19 +0200,
Xiyu Yang wrote:
>
> snd_microii_spdif_default_get() invokes snd_usb_lock_shutdown(), which
> increases the refcount of the snd_usb_audio object "chip".
>
> When snd_microii_spdif_default_get() returns, local variable "chip"
> becomes invalid, so the refcount should be decreased to keep refcount
> balanced.
>
> The reference counting issue happens in several exception handling paths
> of snd_microii_spdif_default_get(). When those error scenarios occur
> such as usb_ifnum_to_if() returns NULL, the function forgets to decrease
> the refcnt increased by snd_usb_lock_shutdown(), causing a refcnt leak.
>
> Fix this issue by jumping to "end" label when those error scenarios
> occur.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@...il.com>
Applied now (with Cc-to-stable and Fixes tags).
thanks,
Takashi
Powered by blists - more mailing lists