[alsa-devel] [PATCH] alsa-lib: pcm: segmentation fault snd_pcm_open
Previously, calling snd_pcm_open with a null pointer argument for "name" caused a segmentation fault in snd_config_search_definition. The segmentation fault resulted from invoking undefined behavior by calling strchr with a null pointer argument.
The issue can be reproduced by passing a null pointer for "name" to snd_pcm_open.
To prevent this instance of strchr from being invoked with a null pointer argument, snd_config_search_definition now returns EINVAL if argument "name" is a null pointer.
Signed-off-by: Markus Seeber <markus.seeber@spectralbird.de>
---
 src/conf.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/conf.c b/src/conf.c index e71bb972..e04b575b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -5078,6 +5078,8 @@ int snd_config_search_definition(snd_config_t *config, { snd_config_t *conf; char *key; + if(name == NULL) + return -EINVAL; const char *args = strchr(name, ':'); int err; if (args) {
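Review bot: the added `if(name == NULL) return -EINVAL;` is placed between the declarations `char *key;` and `const char *args = strchr(name, ':');`, so `args` becomes a declaration after a statement while the rest of the block is declaration-first; declaring `const char *args;` with the other locals and assigning it after the check (or moving the check below `int err;`) keeps the function's existing layout. Two smaller points: `if(name == NULL)` is missing the space after `if` that the surrounding `if (args) {` uses, and since snd_pcm_open() already asserts that `name` is non-NULL on the caller side, the commit message should say why a runtime check inside snd_config_search_definition is still wanted instead of that assert(); as written the new check reads as redundant with it.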
On Fri, 08 Dec 2017 15:19:55 +0100, Markus Seeber wrote:
> Previously, calling snd_pcm_open with a null pointer argument for "name" caused a segmentation fault in snd_config_search_definition. The segmentation fault resulted from invoking undefined behavior by calling strchr with a null pointer argument.
> The issue can be reproduced by passing a null pointer for "name" to snd_pcm_open.
> To prevent this instance of strchr from being invoked with a null pointer argument, snd_config_search_definition now returns EINVAL if argument "name" is a null pointer.
> Signed-off-by: Markus Seeber <markus.seeber@spectralbird.de>
The NULL check of the name argument is done on the caller side via assert() in snd_pcm_open(), so this check is redundant.
It's another question whether we should make the check mandatory instead of assert(), though. Basically it's a bug of the application that calls with name=NULL, and assert() was considered to catch that.
thanks,
Takashi
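The reply above raises the question of a mandatory check versus assert(). The difference matters because assert() is compiled out when NDEBUG is defined, so an assert-only guard protects nothing in a release build while a returned -EINVAL does. The following C example is added here to show that contrast; it is not alsa-lib code. The functions lookup_args_checked, lookup_args_asserted and assert_guard_active, and the "device:args" split they perform with strchr(name, ':'), are constructed stand-ins for the code the patch touches.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <string.h>

/*
 * Constructed example (not alsa-lib code): two ways to guard the
 * strchr(name, ':') split that the patch touches. `name` follows the
 * "device:args" convention; the hypothetical lookup reports the text
 * after the first ':' (or NULL when there is none) through *args_out.
 */

/* Mandatory runtime check: present in every build, so a NULL name from a
 * misbehaving application yields -EINVAL instead of undefined behaviour. */
int lookup_args_checked(const char *name, const char **args_out)
{
    const char *args;

    if (name == NULL || args_out == NULL)
        return -EINVAL;
    args = strchr(name, ':');
    *args_out = args ? args + 1 : NULL;
    return 0;
}

/* Guarded only by assert(): identical in a debug build, but with NDEBUG
 * defined the assert expands to nothing and strchr(NULL, ':') is reached. */
int lookup_args_asserted(const char *name, const char **args_out)
{
    const char *args;

    assert(name != NULL);
    assert(args_out != NULL);
    args = strchr(name, ':');
    *args_out = args ? args + 1 : NULL;
    return 0;
}

/* Reports whether assert() is active in this translation unit, i.e. whether
 * the assert-only guard above does anything at all in this build. */
int assert_guard_active(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

int main(void)
{
    const char *args = NULL;
    int rc;

    rc = lookup_args_checked("hw:0,0", &args);   /* rc == 0, args == "0,0" */
    rc = lookup_args_checked("default", &args);  /* rc == 0, args == NULL */
    rc = lookup_args_checked(NULL, &args);       /* rc == -EINVAL, no crash */
    (void)rc;
    /* lookup_args_asserted(NULL, &args) aborts when asserts are active and
     * invokes undefined behaviour when they are not, so it is not called. */
    return assert_guard_active() ? 0 : 0;
}
```

Build it once normally and once with `-DNDEBUG` and compare `assert_guard_active()`: only the checked variant keeps rejecting a NULL name in both builds, which is the practical argument for a mandatory check in library entry points that application code can reach.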