lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat,  5 Sep 2020 12:26:13 -0700
From:   trix@...hat.com
To:     vkoul@...nel.org, yung-chuan.liao@...ux.intel.com,
        pierre-louis.bossart@...ux.intel.com, sanyog.r.kale@...el.com,
        natechancellor@...il.com, ndesaulniers@...gle.com,
        guennadi.liakhovetski@...ux.intel.com, kai.vehmanen@...ux.intel.com
Cc:     alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
        clang-built-linux@...glegroups.com, Tom Rix <trix@...hat.com>
Subject: [PATCH] soundwire: stream: fix an invalid free

From: Tom Rix <trix@...hat.com>

clang static analyzer reports this problem

stream.c:872:2: warning: Argument to kfree() is a constant
  address (18446744073709551092), which is not memory
  allocated by malloc()
        kfree(stream);
        ^~~~~~~~~~~~~

In sdw_shutdown_stream() the stream to free is set by
a call to snd_soc_dai_get_sdw_stream().  The problem block
is the check if the call was successful.

	if (!sdw_stream) {
		dev_err(rtd->dev, "no stream found...
		return;
	}

When snd_soc_dai_get_sdw_stream() fails, it does not
always return null, sometimes it returns -ENOTSUPP.

So also check for error codes.

Fixes: 4550569bd779 ("soundwire: stream: add helper to startup/shutdown streams")
Signed-off-by: Tom Rix <trix@...hat.com>
---
 drivers/soundwire/stream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c
index 6e36deb505b1..950231d593c2 100644
--- a/drivers/soundwire/stream.c
+++ b/drivers/soundwire/stream.c
@@ -1913,7 +1913,7 @@ void sdw_shutdown_stream(void *sdw_substream)
 
 	sdw_stream = snd_soc_dai_get_sdw_stream(dai, substream->stream);
 
-	if (!sdw_stream) {
+	if (IS_ERR_OR_NULL(sdw_stream)) {
 		dev_err(rtd->dev, "no stream found for DAI %s", dai->name);
 		return;
 	}
-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ