| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <16da19126ff461e5e64a9aec648cce28fb8ed73e.1615242183.git.paskripkin@gmail.com>
Date: Tue, 9 Mar 2021 01:30:57 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: perex@...ex.cz, tiwai@...e.com, kai.heng.feng@...onical.com
Cc: alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
Pavel Skripkin <paskripkin@...il.com>
Subject: [PATCH next 2/2] sound: usb: fix use after free in usb_audio_disconnect
The problem was in wrong "if" placement. chip->quirk_type is freed
in snd_card_free_when_closed(), but inside if statement it's accesed.
Fixes: 9799110825db ("ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend()"
Signed-off-by: Pavel Skripkin <paskripkin@...il.com>
---
sound/usb/card.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/usb/card.c b/sound/usb/card.c
index 3fd1743513b5..b6f4c0848e66 100644
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -907,6 +907,9 @@ static void usb_audio_disconnect(struct usb_interface *intf)
}
}
+ if (chip->quirk_type & QUIRK_SETUP_DISABLE_AUTOSUSPEND)
+ usb_enable_autosuspend(interface_to_usbdev(intf));
+
chip->num_interfaces--;
if (chip->num_interfaces <= 0) {
usb_chip[chip->index] = NULL;
@@ -915,9 +918,6 @@ static void usb_audio_disconnect(struct usb_interface *intf)
} else {
mutex_unlock(®ister_mutex);
}
-
- if (chip->quirk_type & QUIRK_SETUP_DISABLE_AUTOSUSPEND)
- usb_enable_autosuspend(interface_to_usbdev(intf));
}
/* lock the shutdown (disconnect) task and autoresume */
--
2.25.1
Powered by blists - more mailing lists