[PATCH] ASoC: amd: acp: Fix possible UAF in acp_dma_open
cuigaosheng
cuigaosheng1 at huawei.com
Fri Nov 18 04:42:16 CET 2022
> Is it not better to only add the newly allocated stream to the
> list once it's fully initialised? Otherwise something could be
> using a partially initialised item from the list.
Thanks for taking time to review this patch.
I have made a patch v2 and submitted it; it fixes this by adding the newly allocated stream to the
list once it's fully initialised.
On 2022/11/17 19:16, Mark Brown wrote:
> On Thu, Nov 17, 2022 at 02:12:48PM +0800, Gaosheng Cui wrote:
>> Smatch report warning as follows:
>>
>> sound/soc/amd/acp/acp-platform.c:199 acp_dma_open() warn:
>> '&stream->list' not removed from list
>>
>> If snd_pcm_hw_constraint_integer() fails in acp_dma_open(),
>> stream will be freed, but stream->list will not be removed from
>> adata->stream_list, then list traversal may cause UAF.
> Is it not better to only add the newly allocated stream to the
> list once it's fully initialised? Otherwise something could be
> using a partially initialised item from the list.
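
Added example, not part of the original message or the driver's code: a userspace C model of the two orderings discussed in this thread, with a checker that counts entries left on the list after a failed open. All names (open_before, open_after, stale_entries, the pool allocator) are hypothetical; a negative ret stands in for snd_pcm_hw_constraint_integer() failing.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not the driver's code. */
struct node { struct node *prev, *next; };
struct stream { struct node list; int freed, ready; };
static void list_init(struct node *h) { h->prev = h->next = h; }
static void list_add(struct node *n, struct node *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}

/* "Freeing" only sets a flag on pool memory, so the checker can walk safely. */
static struct stream *stream_alloc(void) {
    static struct stream pool[4]; static int used;
    struct stream *s = &pool[used++ % 4];
    s->freed = s->ready = 0;
    return s;
}

/* Before: linked first, then released on error without being unlinked. */
static int open_before(struct node *head, int ret) {
    struct stream *s = stream_alloc();
    list_add(&s->list, head);
    if (ret < 0) { s->freed = 1; return ret; }
    s->ready = 1;
    return 0;
}

/* After: linked only once initialisation has succeeded. */
static int open_after(struct node *head, int ret) {
    struct stream *s = stream_alloc();
    if (ret < 0) { s->freed = 1; return ret; }
    s->ready = 1;
    list_add(&s->list, head);
    return 0;
}

/* Run one open; count released or half-initialised entries left on the list. */
static int stale_entries(int fixed, int ret) {
    struct node head, *n; int bad = 0;
    list_init(&head);
    if (fixed) open_after(&head, ret); else open_before(&head, ret);
    for (n = head.next; n != &head; n = n->next) {
        struct stream *s = (struct stream *)((char *)n - offsetof(struct stream, list));
        bad += s->freed || !s->ready;
    }
    return bad;
}

int main(void) { printf("%d %d\n", stale_entries(0, -1), stale_entries(1, -1)); return 0; }
```

With the second ordering the error path needs no list removal, because the entry is never reachable from the list until it is valid.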