[RFC v2] ALSA: control: fix a error handling exist in snd_ctl_elem_add
yangerkun
yangerkun at huawei.com
Tue Apr 14 08:51:09 CEST 2020
CVE-2020-11725 report that 'count = info->owner' may result a
SIZE_OVERFLOW. 'info->owner' represent a pid, and actually, we should
use info->count.
Signed-off-by: yangerkun <yangerkun at huawei.com>
---
sound/core/control.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
v1->v2: reword the patch head
diff --git a/sound/core/control.c b/sound/core/control.c
index aa0c0cf182af..c77ca7f39637 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -1431,7 +1431,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
return -ENOMEM;
/* Check the number of elements for this userspace control. */
- count = info->owner;
+ count = info->count;
if (count == 0)
count = 1;
--
2.21.1
More information about the Alsa-devel
mailing list