lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <s5htui1hvgi.wl-tiwai@suse.de>
Date:   Fri, 01 Oct 2021 12:48:29 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     Colin King <colin.king@...onical.com>
Cc:     Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
        Alexander Tsoy <alexander@...y.me>,
        alsa-devel@...a-project.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] ALSA: usb-audio: Fix sum of uninitialized variable sample_accum

On Fri, 01 Oct 2021 12:44:17 +0200,
Colin King wrote:
> 
> From: Colin Ian King <colin.king@...onical.com>
> 
> Variable sample_accum is not being intialized and then has
> ep->sample_rem added to it, leading to a bogus value. One solution
> is to initialize it to zero at declaration time, but it is probably
> best to just assign it to ep->sample_rem on first use.
> 
> Addresses-Coveriry: ("Uninitialized scalar variable")
> Fixes: f0bd62b64016 ("ALSA: usb-audio: Improve frames size computation")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>

Thanks for the patch, but it's no right fix.  The Fixes tag points to
a wrong commit, it was d215f63d49da9a8803af3e81acd6cad743686573
    ALSA: usb-audio: Check available frames for the next packet size
  
And sample_accum has to be initialized from ep->sample_accum instead.
I'll post the proper fix.


Takashi


> ---
>  sound/usb/endpoint.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
> index 42c0d2db8ba8..c6a33732db3f 100644
> --- a/sound/usb/endpoint.c
> +++ b/sound/usb/endpoint.c
> @@ -182,7 +182,7 @@ static int next_packet_size(struct snd_usb_endpoint *ep, unsigned int avail)
>  	if (ep->fill_max)
>  		return ep->maxframesize;
>  
> -	sample_accum += ep->sample_rem;
> +	sample_accum = ep->sample_rem;
>  	if (sample_accum >= ep->pps) {
>  		sample_accum -= ep->pps;
>  		ret = ep->packsize[1];
> -- 
> 2.32.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ