[PATCH] ALSA: firewire-digi00x: prevent potential use after free
This code was supposed to return an error code if init_stream() failed, but it instead freed dg00x->rx_stream and returned success. This potentially leads to a use after free.
Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain") Signed-off-by: Dan Carpenter dan.carpenter@linaro.org --- sound/firewire/digi00x/digi00x-stream.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/firewire/digi00x/digi00x-stream.c b/sound/firewire/digi00x/digi00x-stream.c index a15f55b0dce3..295163bb8abb 100644 --- a/sound/firewire/digi00x/digi00x-stream.c +++ b/sound/firewire/digi00x/digi00x-stream.c @@ -259,8 +259,10 @@ int snd_dg00x_stream_init_duplex(struct snd_dg00x *dg00x) return err;
err = init_stream(dg00x, &dg00x->tx_stream); - if (err < 0) + if (err < 0) { destroy_stream(dg00x, &dg00x->rx_stream); + return err; + }
err = amdtp_domain_init(&dg00x->domain); if (err < 0) {
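Review bot: In the error branch after init_stream(dg00x, &dg00x->tx_stream), the added "return err;" closes the hole, but the inline-cleanup style is what let it open. Without braces only destroy_stream() was conditional, so execution fell through to "err = amdtp_domain_init(&dg00x->domain);", which overwrote the failure code while rx_stream was already destroyed. The next check opens another braced cleanup block, so consider a single goto-based unwind path for this function, with each failure jumping to a label that tears down what was set up so far. It would also help if the commit message said that err is overwritten by the following call, since that is why the caller saw success.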
On Tue, 09 May 2023 11:07:11 +0200, Dan Carpenter wrote:
> This code was supposed to return an error code if init_stream() failed, but it instead freed dg00x->rx_stream and returned success. This potentially leads to a use after free.
>
> Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain")
> Signed-off-by: Dan Carpenter dan.carpenter@linaro.org
Thanks, applied now.
Takashi
Hi,
On Fri, May 12, 2023 at 10:18:54AM +0200, Takashi Iwai wrote:
> On Tue, 09 May 2023 11:07:11 +0200, Dan Carpenter wrote:
>> This code was supposed to return an error code if init_stream() failed, but it instead freed dg00x->rx_stream and returned success. This potentially leads to a use after free.
>>
>> Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain")
>> Signed-off-by: Dan Carpenter dan.carpenter@linaro.org
>
> Thanks, applied now.
I overlooked the patch. It looks good to me as well.
Acked-by: Takashi Sakamoto o-takashi@sakamocchi.jp
Thanks
Takashi Sakamoto