29 May
2023
29 May
'23
10:11 p.m.
Hi there,
We found a data race could happen between snd_seq_oss_midi_open() and snd_seq_oss_midi_filemode() over the variable mdev->opened.
When running concurrently, snd_seq_oss_midi_open() makes the return value of snd_seq_oss_midi_filemode() non-deterministic: Thread-1 Thread-2 //snd_seq_oss_midi_filemode() //snd_seq_oss_midi_open() if (mdev->opened & PERM_WRITE) mode |= SNDRV_SEQ_OSS_FILE_WRITE; mdev->opened |= PERM_READ; if (mdev->opened & PERM_READ) mode |= SNDRV_SEQ_OSS_FILE_READ;
It is not clear to us that whether this is a serious problem but we would like to report this just in case.
Thanks, Sishuai