[PATCH] ASoC: amd: acp: Fix possible UAF in acp_dma_open

Mark Brown broonie at kernel.org
Thu Nov 17 12:16:12 CET 2022


On Thu, Nov 17, 2022 at 02:12:48PM +0800, Gaosheng Cui wrote:
> Smatch reports a warning as follows:
> 
> sound/soc/amd/acp/acp-platform.c:199 acp_dma_open() warn:
>   '&stream->list' not removed from list
> 
> If snd_pcm_hw_constraint_integer() fails in acp_dma_open(),
> stream will be freed, but stream->list will not be removed from
> adata->stream_list, then list traversal may cause UAF.

Is it not better to only add the newly allocated stream to the
list once it's fully initialised?  Otherwise something could be
using a partially initialised item from the list.
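
The ordering question raised in this thread, as an added example that is not part of the original mail or the driver source: a simplified user-space model in C where `open_link_first` follows the ordering behind the Smatch warning and `open_link_last` follows the ordering the reply suggests. Every name here (`stream_alloc`, `stream_setup`, `count_bad_entries`, the fixed pool standing in for the allocator) is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Added user-space model; every name is hypothetical, not the acp driver's code. */
struct stream { struct stream *next; int live, ready; };
struct dev { struct stream *head; };
static struct stream pool[4];  /* fixed pool: a "freed" slot stays safe to inspect */
static struct stream *stream_alloc(void)
{
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
        if (!pool[i].live) { pool[i] = (struct stream){ .live = 1 }; return &pool[i]; }
    return NULL;
}
static void stream_free(struct stream *s) { s->live = 0; }
static void stream_link(struct dev *d, struct stream *s) { s->next = d->head; d->head = s; }
/* Stand-in for an init step that can fail, like the constraint call in the report. */
static int stream_setup(struct stream *s, int fail) { return fail ? -1 : (s->ready = 1, 0); }

/* Ordering behind the Smatch warning: linked early, freed on error while still linked. */
int open_link_first(struct dev *d, int fail)
{
    struct stream *s = stream_alloc();
    if (!s) return -1;
    stream_link(d, s);
    if (stream_setup(s, fail)) { stream_free(s); return -1; }  /* d->head still points at s */
    return 0;
}

/* Ordering suggested in the reply: link only after every fallible step has succeeded. */
int open_link_last(struct dev *d, int fail)
{
    struct stream *s = stream_alloc();
    if (!s) return -1;
    if (stream_setup(s, fail)) { stream_free(s); return -1; }
    stream_link(d, s);
    return 0;
}

/* Counts entries a list walker must never meet: freed, or not fully initialised. */
int count_bad_entries(const struct dev *d)
{
    int bad = 0;
    for (const struct stream *s = d->head; s; s = s->next) bad += !s->live || !s->ready;
    return bad;
}
int main(void)
{
    struct dev a = {0}, b = {0};
    open_link_first(&a, 1), open_link_last(&b, 1);  /* both hit the constructed failure */
    printf("bad entries: link-first=%d link-last=%d\n", count_bad_entries(&a), count_bad_entries(&b));
    return 0;
}
```

In a concurrent setting the link-first ordering also exposes the entry between linking and setup, which is the partially initialised window the reply points at.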