[alsa-devel] [PATCH 0/1] sound/hda/hdac_stream: Avoid NULL pointer dereference
Seems like commit 9b6f7e7a296e17990aae298c809b001e99ddd151 introduced a NULL pointer dereference for the ca0132 codec. When ca0132 loads firmware, snd_hdac_stream_start is called with azx_dev->substream being NULL.
This patch calls snd_hdac_get_stream_stripe_ctl only when azx_dev->substream is not NULL. Even if I'm not sure if this is correct, since it might be that the ca0132 codec does something wrong, with this change the NULL pointer dereference doesn't happen and ca0132 works again on my system with Recon3Di.
Mariusz Ceier (1):
  sound/hda/hdac_stream: Avoid NULL pointer dereference

 sound/hda/hdac_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
For ca0132 codec, azx_dev->stream is NULL during firmware loading. Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL pointer dereference in that function.
Signed-off-by: Mariusz Ceier mceier+kernel@gmail.com
---
 sound/hda/hdac_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c index f5dd288d1a7a..76e9b41fcea2 100644 --- a/sound/hda/hdac_stream.c +++ b/sound/hda/hdac_stream.c @@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start) 1 << azx_dev->index, 1 << azx_dev->index); /* set stripe control */ - stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream); + if (azx_dev->substream) + stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream); + else + stripe_ctl = 0; snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK, stripe_ctl); /* set DMA start and interrupt mask */
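Review bot: The commit message says `azx_dev->stream` is NULL during firmware loading, but the guard added at the "set stripe control" step tests `azx_dev->substream`, which is also the field the cover letter names; the message should say `azx_dev->substream` so the log matches the code. The cover letter attributes the regression to commit 9b6f7e7a296e17990aae298c809b001e99ddd151, so a `Fixes:` tag naming that commit belongs with the Signed-off-by. In the `else` branch, `stripe_ctl = 0` is still written through `snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK, stripe_ctl)`, which clears the stripe bits for a stream that has no substream; a short comment saying this path is the ca0132 firmware load would make that intent explicit. Other callers of `snd_hdac_get_stream_stripe_ctl` are not visible in this hunk, so it is worth checking whether the NULL test belongs inside that function instead of at this one call site.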
On Mon, 11 Mar 2019 21:53:57 +0100, Mariusz Ceier wrote:
For ca0132 codec, azx_dev->stream is NULL during firmware loading. Calling snd_hdac_get_stream_stripe_ctl unconditionally causes NULL pointer dereference in that function.
Signed-off-by: Mariusz Ceier mceier+kernel@gmail.com
Applied now (with a proper Fixes tag).
thanks,
Takashi
 sound/hda/hdac_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/hda/hdac_stream.c b/sound/hda/hdac_stream.c index f5dd288d1a7a..76e9b41fcea2 100644 --- a/sound/hda/hdac_stream.c +++ b/sound/hda/hdac_stream.c @@ -95,7 +95,10 @@ void snd_hdac_stream_start(struct hdac_stream *azx_dev, bool fresh_start) 1 << azx_dev->index, 1 << azx_dev->index); /* set stripe control */
- stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
- if (azx_dev->substream)
stripe_ctl = snd_hdac_get_stream_stripe_ctl(bus, azx_dev->substream);
- else
snd_hdac_stream_updateb(azx_dev, SD_CTL_3B, SD_CTL_STRIPE_MASK, stripe_ctl); /* set DMA start and interrupt mask */stripe_ctl = 0;
-- 2.21.0