[alsa-devel] [PATCH 0/5] ASoC: small fixes for bugs reported by Coverity
Hi,
this is another series of small fixes for bugs reported by Coverity, this time in the ASoC core code.
Takashi
The provided texts aren't guaranteed to fit in the fixed size. Spotted by coverity CID 139318.
Signed-off-by: Takashi Iwai tiwai@suse.de
---
sound/soc/soc-core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index afc3fa8..bdc1d74 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -2551,8 +2551,9 @@ int snd_soc_info_enum_double(struct snd_kcontrol *kcontrol,
if (uinfo->value.enumerated.item > e->max - 1)
uinfo->value.enumerated.item = e->max - 1;
- strcpy(uinfo->value.enumerated.name,
- e->texts[uinfo->value.enumerated.item]);
+ strlcpy(uinfo->value.enumerated.name,
+ e->texts[uinfo->value.enumerated.item],
+ sizeof(uinfo->value.enumerated.name));
return 0;
}
EXPORT_SYMBOL_GPL(snd_soc_info_enum_double);
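Review bot: `strlcpy()` bounds the write into `uinfo->value.enumerated.name`, but it still measures the whole source string to compute its return value, and that return value is discarded here, so an unterminated `e->texts[]` entry is still over-read and truncation goes unnoticed. Where the tree provides it, `strscpy(uinfo->value.enumerated.name, e->texts[uinfo->value.enumerated.item], sizeof(uinfo->value.enumerated.name));` reads no further than the destination size and returns -E2BIG on truncation. The clamp in the context lines relies on `e->max - 1`; if `e->max` can be 0 and is unsigned (its declaration is not on this page) the index is not bounded, so that is worth confirming. The function begins outside the hunk.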
The error message in dapm_create_or_share_mixmux_kcontrol() refers to the string "name", which may be "long_name" that has been already freed. Delay the release of long_name to the place just before return.
Spotted by coverity CID 1042678.
Signed-off-by: Takashi Iwai tiwai@suse.de
---
sound/soc/soc-dapm.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 2fb0b72..d2ff080 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -687,7 +687,7 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
int shared;
struct snd_kcontrol *kcontrol;
bool wname_in_long_name, kcname_in_long_name;
- char *long_name;
+ char *long_name = NULL;
const char *name;
int ret;
@@ -745,24 +745,23 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
name = long_name;
} else if (wname_in_long_name) {
- long_name = NULL;
name = w->name + prefix_len;
} else {
- long_name = NULL;
name = w->kcontrol_news[kci].name;
}
kcontrol = snd_soc_cnew(&w->kcontrol_news[kci], NULL, name, prefix);
- kfree(long_name);
- if (!kcontrol)
- return -ENOMEM;
+ if (!kcontrol) {
+ ret = -ENOMEM;
+ goto error;
+ }
kcontrol->private_free = dapm_kcontrol_free;
ret = dapm_kcontrol_data_alloc(w, kcontrol);
if (ret) {
snd_ctl_free_one(kcontrol);
- return ret;
+ goto error;
}
ret = snd_ctl_add(card, kcontrol);
@@ -770,16 +769,18 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
dev_err(dapm->dev, "ASoC: failed to add widget %s dapm kcontrol %s: %d\n", w->name, name, ret);
- return ret;
+ goto error;
}
}
ret = dapm_kcontrol_add_widget(kcontrol, w);
if (ret)
- return ret;
+ goto error;
w->kcontrols[kci] = kcontrol;
+ error:
+ kfree(long_name);
return 0;
}
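Review bot: The new `error:` label falls through to the unchanged `return 0;`, so every `goto error` added by this patch (the -ENOMEM after snd_soc_cnew() and the dapm_kcontrol_data_alloc() failure in the previous hunk, and the snd_ctl_add() and dapm_kcontrol_add_widget() failures here) now reports success to the caller. On the success path `ret` is already 0 when the label is reached, because it was tested right after dapm_kcontrol_add_widget(), so the tail can simply be `kfree(long_name);` followed by `return ret;`. Since the success path also runs through the label, a neutral name such as `exit_free:` would read better than `error:`. The function starts outside the hunks shown.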
On Mon, Oct 28, 2013 at 02:21:47PM +0100, Takashi Iwai wrote:
The error message in dapm_create_or_share_mixmux_kcontrol() refers to the string "name", which may be "long_name" that has been already freed. Delay the release of long_name to the place just before return.
Applied, thanks. Please use "dapm" not "DAPM" in the subject.
In a slightest path (both source and sink hw_params are NULL), the function may return an uninitialized value.
Spotted by coverity CID 703453.
Signed-off-by: Takashi Iwai tiwai@suse.de
---
sound/soc/soc-dapm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index d2ff080..c21c8e7 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3428,6 +3428,8 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w,
goto out;
}
}
+
+ ret = 0;
break;
case SND_SOC_DAPM_POST_PMU:
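Review bot: The added `ret = 0;` carries no comment saying which path it covers; per the description it is the case where neither DAI provides hw_params, so nothing above has assigned `ret`. A one-line comment above the assignment, such as `/* no hw_params on either DAI: nothing was called, report success */`, would keep it from looking redundant to a later reader. The switch and the declaration of `ret` are outside the hunk, so whether the other arms need the same treatment cannot be checked from here.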
On Mon, Oct 28, 2013 at 02:21:48PM +0100, Takashi Iwai wrote:
In a slightest path (both source and sink hw_params are NULL), the function may return an uninitialized value.
Applied, thanks.
... due to a copy & paste error.
Spotted by coverity CID 710923.
Signed-off-by: Takashi Iwai tiwai@suse.de
---
sound/soc/soc-dapm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index c21c8e7..8ab2b35 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -1975,7 +1975,7 @@ static ssize_t dapm_widget_power_read_file(struct file *file,
w->active ? "active" : "inactive");
list_for_each_entry(p, &w->sources, list_sink) {
- if (p->connected && !p->connected(w, p->sink))
+ if (p->connected && !p->connected(w, p->source))
continue;
if (p->connect)
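Review bot: The argument order of the corrected call `p->connected(w, p->source)` deserves a second look, because in a walk over `w->sources` the widget `w` is the sink end of each path. If the `connected` callback is declared as taking (source, sink), which is not visible on this page, the call in this loop would need to be `p->connected(p->source, w)` for the callback to see the widgets in the roles it expects. Please confirm against the callback's declaration and the other call sites. The loop body continues outside the hunk.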
... instead of NULL dereferences.
Spotted by coverity CID 402004.
Signed-off-by: Takashi Iwai tiwai@suse.de
---
sound/soc/soc-dapm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 8ab2b35..458c672 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3528,6 +3528,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm,
if (!w) {
dev_err(dapm->dev, "ASoC: Failed to create %s widget\n", dai->driver->playback.stream_name);
+ return -ENOMEM;
}
w->priv = dai;
@@ -3546,6 +3547,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm,
if (!w) {
dev_err(dapm->dev, "ASoC: Failed to create %s widget\n", dai->driver->capture.stream_name);
+ return -ENOMEM;
}
w->priv = dai;
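Review bot: Both added `return -ENOMEM;` lines (playback hunk and capture hunk) only help if the callers of snd_soc_dapm_new_dai_widgets() check its result; the call sites are not part of the series as shown, so if they discard the return value the probe would carry on with a DAI that has no widget. -ENOMEM is also assumed to be the cause of every NULL from the widget-creation call above each hunk, which may hide other failure reasons. I would document the new contract on the function, e.g. `/* Returns -ENOMEM if a playback or capture widget cannot be created. */`, and have the callers propagate it. The function starts and ends outside both hunks.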