[alsa-devel] [patch] ALSA: asihpi - off by one in asihpi_hpi_ioctl()

Takashi Iwai tiwai at suse.de
Wed Jul 27 15:06:03 CEST 2011


At Wed, 27 Jul 2011 09:02:13 -0400,
Dan Rosenberg wrote:
> 
> 
> > > Also it moved the initialization of "pa" down a couple lines so I'm
> > > concerned there may be a bogus dereference here when we check
> > > pa->type.  I don't have the hardware, so I can't test this.
> > > 
> > 
> > I agree.  This code seems to make assumptions in more than one place
> > that the adapters array is fully populated with non-NULL elements.  At a
> > glance, I can't see where such initialization occurs though.
> > 
> 
> I hadn't read the updated code fully, so I missed what you meant.  Yes,
> this is definitely a NULL dereference, since "pa" is initialized to NULL
> and not changed until after this dereference.

The NULL dereference was already fixed today in the sound git tree by commit
767cd365b22820df07b962b49ce04b220b98e537.

It'll be included in the pull request in the next few days, maybe
tomorrow.


thanks,

Takashi

