12 Nov 2019, 7:16 p.m.
On Tue, 12 Nov 2019 18:17:13 +0100, paulhsia wrote:
Since
- snd_pcm_detach_substream sets runtime to null without stream lock and
- snd_pcm_period_elapsed checks the nullity of the runtime outside of stream lock.
This will trigger null memory access in snd_pcm_running() call in snd_pcm_period_elapsed.
Well, if a stream is detached, it means that the stream must have been already closed; i.e. it's already a clear bug in the driver that snd_pcm_period_elapsed() is called against such a stream.
Or am I missing another possible case?
thanks,
Takashi
paulhsia (2):
  ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
  ALSA: pcm: Use stream lock in snd_pcm_detach_substream()

 sound/core/pcm.c     | 8 +++++++-
 sound/core/pcm_lib.c | 8 ++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

--
2.24.0.rc1.363.gb1bccd3e3d-goog
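The check-then-use window described in the quoted cover letter, as an added userspace illustration (not code from this thread or from the kernel): the NULL check and the dereference share one lock hold, and the detach path clears the pointer under that same lock. All `model_*` names are hypothetical, and a pthread mutex is assumed as a stand-in for the PCM stream lock.

```c
/* Userspace model only; model_* names are hypothetical, not kernel API. */
#include <pthread.h>
#include <stdlib.h>

struct model_runtime { int running; };
struct model_substream {
    pthread_mutex_t lock;          /* stands in for the stream lock */
    struct model_runtime *runtime; /* NULL once detached */
};

/* NULL check and dereference under one lock hold; 1 = period handled. */
int model_period_elapsed(struct model_substream *s)
{
    int handled;
    pthread_mutex_lock(&s->lock);
    handled = s->runtime && s->runtime->running;
    pthread_mutex_unlock(&s->lock);
    return handled;
}

/* Clear the pointer under the lock; free only once it is unreachable. */
void model_detach(struct model_substream *s)
{
    pthread_mutex_lock(&s->lock);
    struct model_runtime *rt = s->runtime;
    s->runtime = NULL;
    pthread_mutex_unlock(&s->lock);
    free(rt);
}

static void *model_irq_thread(void *arg)
{
    long handled = 0;
    for (int i = 0; i < 100000; i++)
        handled += model_period_elapsed(arg);
    return (void *)handled;
}

/* Race the "interrupt" path against a detach; returns periods handled. */
long model_race(void)
{
    struct model_substream s = { .lock = PTHREAD_MUTEX_INITIALIZER };
    pthread_t t; void *ret;
    s.runtime = calloc(1, sizeof(*s.runtime));
    if (!s.runtime) return -1;
    s.runtime->running = 1;
    if (pthread_create(&t, NULL, model_irq_thread, &s)) { free(s.runtime); return -1; }
    model_detach(&s);
    pthread_join(t, &ret);
    return (long)ret;
}
```

If the check in `model_period_elapsed()` were moved outside the lock, the detach could land between the check and the dereference, which is the window the cover letter describes.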