| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Sep 2022 11:39:03 +0200
From: Takashi Iwai <tiwai@...e.de>
To: "Sabri N. Ferreiro" <snferreiro1@...il.com>
Cc: perex@...ex.cz, tiwai@...e.com, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: Re: general protection fault in release_urbs
On Fri, 30 Sep 2022 11:23:21 +0200,
Takashi Iwai wrote:
>
> On Fri, 30 Sep 2022 04:23:23 +0200,
> Sabri N. Ferreiro wrote:
> >
> > Hi,
> >
> > When I used fuzz testing to test Linux kernel 6.0.0-rc6, the kernel
> > triggered the following error:
> > HEAD commit: 521a547ced6477c54b4b0cc206000406c221b4d6
> > git tree: upstream
>
> Could you retest with 6.0-rc7 or later?
> A commit reverting the change might influence on the behavior
> significantly.
And if it's reproducible on 6.0-rc7, please try the following fix.
thanks,
Takashi
-- 8< --
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -95,12 +95,13 @@ static inline unsigned get_usb_high_speed_rate(unsigned int rate)
*/
static void release_urb_ctx(struct snd_urb_ctx *u)
{
- if (u->buffer_size)
+ if (u->urb && u->buffer_size)
usb_free_coherent(u->ep->chip->dev, u->buffer_size,
u->urb->transfer_buffer,
u->urb->transfer_dma);
usb_free_urb(u->urb);
u->urb = NULL;
+ u->buffer_size = 0;
}
static const char *usb_error_string(int err)
Powered by blists - more mailing lists