lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <4fdde55198294a07f04933f7cef937fcb654c901.1624425670.git.christophe.jaillet@wanadoo.fr>
Date:   Wed, 23 Jun 2021 07:22:45 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     support.opensource@...semi.com, lgirdwood@...il.com,
        broonie@...nel.org, perex@...ex.cz, tiwai@...e.com,
        Adam.Thomson.Opensource@...semi.com
Cc:     alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>
Subject: [PATCH] ASoC: da7219: Fix an out-of-bound read in an error handling path

If 'of_clk_add_hw_provider()' fails, the previous 'for' loop will have
run completely and 'i' is know to be 'DA7219_DAI_NUM_CLKS'.

In such a case, there will be an out-of-bounds access when using
'da7219->dai_clks_lookup[i]' and '&da7219->dai_clks_hw[i]'.

To avoid that, add a new label, 'err_free_all', which set the expected
value of 'i' in such a case.

Fixes: 78013a1cf297 ("ASoC: da7219: Fix clock handling around codec level probe")
Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
 sound/soc/codecs/da7219.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sound/soc/codecs/da7219.c b/sound/soc/codecs/da7219.c
index 13009d08b09a..1e8b491d1fd3 100644
--- a/sound/soc/codecs/da7219.c
+++ b/sound/soc/codecs/da7219.c
@@ -2204,12 +2204,14 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
 					     da7219->clk_hw_data);
 		if (ret) {
 			dev_err(dev, "Failed to register clock provider\n");
-			goto err;
+			goto err_free_all;
 		}
 	}
 
 	return 0;
 
+err_free_all:
+	i = DA7219_DAI_NUM_CLKS - 1;
 err:
 	do {
 		if (da7219->dai_clks_lookup[i])
-- 
2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ