[alsa-devel] PATCH: ALSA: hda: fix possible null dereference

Takashi Iwai tiwai at suse.de
Mon Aug 24 08:30:11 CEST 2015


On Sun, 23 Aug 2015 20:37:05 +0200,
Markus Osterhoff wrote:
> 
> Upgrading on Gentoo hardened from 4.0.8 to 4.1.6 (with intermediate 4.1.4), I
> noticed a NULL pointer dereference during booting, and tracked it down to
> 	static int add_std_chmaps(struct hda_codec *codec)
> in file sound/pci/hda/hda_codec.c
> 
> With commits bbbc7e85 and 751e2216, a for-loop was restated using
> list_for_each_entry(...); originally, a local pcm* was extracted from an array
> and checked against NULL, if not-NULL then passed along to
> snd_pcm_add_chmap_ctls(...).
> 
> Now, pcm->pcm is passed to snd_pcm_add_chmap_ctls, but the NULL pointer check
> still uses the “upper level” pcm, not the “in-loop” pcm->pcm.
> 
> Please have a look at the attached (rather small) suggestion to fix this
> problem.
> 
> 
> For a history of the function in question, have a look at lines 2430ff for
> 	git diff v4.0 v4.1 sound/pci/hda/hda_codec.c
> 
> The two commits that touched this function are
> Commit bbbc7e8502c9 ("ALSA: hda - Allocate hda_pcm objects dynamically")
> Commit 751e2216899c ("ALSA: hda: fix possible null dereference")
> 
> where the latter only fixes the order of two fixes, but not the pcm / pcm->pcm confusion.
> 
> 
> 
> Using v4.1-descendant sources, boot got OOPS like this (two bug-hunting printk's added up front):
> 
> > pcm: ffff88040cf83400
> > pcm->pcm: (nil)
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
> > IP: [<ffffffffa07feab9>] snd_pcm_add_chmap_ctls+0x119/0x1f0 [snd_pcm]
> > PGD 0 
> > Oops: 0000 [#1] PREEMPT SMP 
> 
> 
> NULL checking pcm->pcm instead of pcm fixes this problem.
> 
> 
> Greetings and thanks for your time, Markus
> 
> Signed-off-by: Markus Osterhoff <linux-kernel at k-raum.org>

Thanks for the patch.  But this was already fixed by commit
751e2216899c in 4.1-rc1.


Takashi

> ---
> --- sound/pci/hda/hda_codec.c	2015-08-23 20:02:57.281782648 +0200
> +++ sound/pci/hda/hda_codec.c.orig	2015-08-23 20:02:49.723783063 +0200
> @@ -3172,7 +3172,7 @@ static int add_std_chmaps(struct hda_cod
>  			struct snd_pcm_chmap *chmap;
>  			const struct snd_pcm_chmap_elem *elem;
>  
> -			if (!pcm->pcm || pcm->own_chmap ||
> +			if (!pcm || pcm->own_chmap ||
>  			    !hinfo->substreams)
>  				continue;
>  			elem = hinfo->chmap ? hinfo->chmap : snd_pcm_std_chmaps;
> 
> 
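Review bot: The hunk in add_std_chmaps() is reversed relative to the description: its `-` line is `if (!pcm->pcm || pcm->own_chmap ||` and its `+` line is `if (!pcm || pcm->own_chmap ||`, so applying it as posted would replace the `pcm->pcm` check with the bare `pcm` check that the report identifies as the cause of the oops. The file headers show why: the diff was taken from hda_codec.c (old side) to hda_codec.c.orig (new side). Regenerate it with the .orig file as the old side, so that the `+` line carries `!pcm->pcm`, and produce it from the top of the kernel tree with a/ and b/ path prefixes so it applies with -p1. Since the `-` side already contains the `!pcm->pcm` check, it is also worth confirming which tree the modified file came from before resending.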