lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87v7q1rv3m.wl-kuninori.morimoto.gx@renesas.com>
Date: Fri, 16 May 2025 05:19:09 +0000
From: Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>
To: Chen-Yu Tsai <wenst@...omium.org>
Cc: Liam Girdwood <lgirdwood@...il.com>,
	Mark Brown <broonie@...nel.org>,
	Jaroslav Kysela <perex@...ex.cz>,
	Takashi Iwai <tiwai@...e.com>,
	linux-sound@...r.kernel.org,
	linux-mediatek@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ASoC: soc-utils: Check string pointer validity in snd_soc_dlc_is_dummy()


Hi Chen-Yu

> In the recently added snd_soc_dlc_is_dummy(), the helper uses the .name
> and .dai_name fields without checking their validity.
> 
> For .name, this field is NULL if the component is matched by .of_node
> instead. In fact, only one of these fields may be set. This caused a
> NULL pointer dereference on MediaTek MT8195 and MT8188 platforms with
> the subsequent conversion to snd_soc_dlc_is_dummy() in their machine
> drivers. The codecs are all matches through the device tree, so their
> .name fields are empty.
> 
> For .dai_name, there are cases where this field is empty, such as for
> the following component definitions:
> 
> 	#define COMP_EMPTY()                    { }
> 	#define COMP_PLATFORM(_name)            { .name = _name }
> 	#define COMP_AUX(_name)                 { .name = _name }
> 	#define COMP_CODEC_CONF(_name)          { .name = _name }
> 
> Or the single link CPU DAI case in the simple audio card family, as
> covered by simple_util_canonicalize_cpu(), in which the .dai_name
> field is explicitly cleared.
> 
> To fix this, check the validity of the fields before using them in
> string comparison.
> 
> Fixes: 3e021f3b8115 ("ASoC: soc-utils: add snd_soc_dlc_is_dummy()")
> Cc: Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>
> Signed-off-by: Chen-Yu Tsai <wenst@...omium.org>
> ---

Yes, indeed

Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>

Thank you for your help !!

Best regards
---
Kuninori Morimoto

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ