lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <0bce4268-cac5-4dee-451d-cfafb5efdb8b@canonical.com>
Date:   Fri, 1 Oct 2021 12:07:03 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Takashi Iwai <tiwai@...e.de>
Cc:     Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
        Alexander Tsoy <alexander@...y.me>,
        alsa-devel@...a-project.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] ALSA: usb-audio: Fix sum of uninitialized variable
 sample_accum

On 01/10/2021 11:48, Takashi Iwai wrote:
> On Fri, 01 Oct 2021 12:44:17 +0200,
> Colin King wrote:
>>
>> From: Colin Ian King <colin.king@...onical.com>
>>
>> Variable sample_accum is not being intialized and then has
>> ep->sample_rem added to it, leading to a bogus value. One solution
>> is to initialize it to zero at declaration time, but it is probably
>> best to just assign it to ep->sample_rem on first use.
>>
>> Addresses-Coveriry: ("Uninitialized scalar variable")
>> Fixes: f0bd62b64016 ("ALSA: usb-audio: Improve frames size computation")
>> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> 
> Thanks for the patch, but it's no right fix.  The Fixes tag points to
> a wrong commit, it was d215f63d49da9a8803af3e81acd6cad743686573
>      ALSA: usb-audio: Check available frames for the next packet size
>    
> And sample_accum has to be initialized from ep->sample_accum instead.
> I'll post the proper fix.

Thanks Takshi.

Colin

> 
> 
> Takashi
> 
> 
>> ---
>>   sound/usb/endpoint.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
>> index 42c0d2db8ba8..c6a33732db3f 100644
>> --- a/sound/usb/endpoint.c
>> +++ b/sound/usb/endpoint.c
>> @@ -182,7 +182,7 @@ static int next_packet_size(struct snd_usb_endpoint *ep, unsigned int avail)
>>   	if (ep->fill_max)
>>   		return ep->maxframesize;
>>   
>> -	sample_accum += ep->sample_rem;
>> +	sample_accum = ep->sample_rem;
>>   	if (sample_accum >= ep->pps) {
>>   		sample_accum -= ep->pps;
>>   		ret = ep->packsize[1];
>> -- 
>> 2.32.0
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ