| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 07:22:45 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: support.opensource@...semi.com, lgirdwood@...il.com,
broonie@...nel.org, perex@...ex.cz, tiwai@...e.com,
Adam.Thomson.Opensource@...semi.com
Cc: alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org,
Christophe JAILLET <christophe.jaillet@...adoo.fr>
Subject: [PATCH] ASoC: da7219: Fix an out-of-bound read in an error handling path
If 'of_clk_add_hw_provider()' fails, the previous 'for' loop will have
run completely and 'i' is know to be 'DA7219_DAI_NUM_CLKS'.
In such a case, there will be an out-of-bounds access when using
'da7219->dai_clks_lookup[i]' and '&da7219->dai_clks_hw[i]'.
To avoid that, add a new label, 'err_free_all', which set the expected
value of 'i' in such a case.
Fixes: 78013a1cf297 ("ASoC: da7219: Fix clock handling around codec level probe")
Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
sound/soc/codecs/da7219.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/da7219.c b/sound/soc/codecs/da7219.c
index 13009d08b09a..1e8b491d1fd3 100644
--- a/sound/soc/codecs/da7219.c
+++ b/sound/soc/codecs/da7219.c
@@ -2204,12 +2204,14 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
da7219->clk_hw_data);
if (ret) {
dev_err(dev, "Failed to register clock provider\n");
- goto err;
+ goto err_free_all;
}
}
return 0;
+err_free_all:
+ i = DA7219_DAI_NUM_CLKS - 1;
err:
do {
if (da7219->dai_clks_lookup[i])
--
2.30.2
Powered by blists - more mailing lists