2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-22 20:23:57 +08:00
linux-next/sound/pci
Julia Lawall fa2b30af84 ALSA: sound/pci/ctxfi/ctpcm.c: Remove potential for use after free
In each function, the value apcm is stored in the private_data field of
runtime.  At the same time the function ct_atc_pcm_free_substream is stored
in the private_free field of the same structure.  ct_atc_pcm_free_substream
dereferences and ultimately frees the value in the private_data field.  But
each function can exit in an error case with apcm having been freed, in
which case a subsequent call to the private_free function would perform a
dereference after free.  On the other hand, if the private_free field is
not initialized, it is NULL, and not invoked (see snd_pcm_detach_substream
in sound/core/pcm.c).  To avoid the introduction of a dangling pointer, the
initializations of the private_data and private_free fields are moved to
the end of the function, past any possible free of apcm.  This is safe
because the previous calls to snd_pcm_hw_constraint_integer and
snd_pcm_hw_constraint_minmax, which take runtime as an argument, do not
refer to either of these fields.

In each function, there is one error case where apcm needs to be freed, and
a call to kfree is added.

The sematic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression e,e1,e2,e3;
identifier f,free1,free2;
expression a;
@@

*e->f = a
... when != e->f = e1
    when any
if (...) {
  ... when != free1(...,e,...)
      when != e->f = e2
* kfree(a)
  ... when != free2(...,e,...)
      when != e->f = e3
}
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-11-11 02:03:00 +01:00
..
ac97 include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ali5451 sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
asihpi ALSA: asihpi - Unsafe memory management when allocating control cache 2010-11-02 07:38:21 +01:00
au88x0 sound: fixed typos 2010-10-17 10:08:27 +02:00
aw2 ALSA: aw2-alsa.c: use pci_ids.h defines and fix checkpatch.pl noise 2010-05-25 08:39:28 +02:00
ca0106 ALSA: ca0106: Use card specific dac id for mute controls. 2010-10-23 16:59:53 +02:00
cs46xx ALSA: cs46xx memory management fixes for cs46xx_dsp_spos_create() 2010-11-01 10:26:23 +01:00
cs5535audio include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ctxfi ALSA: sound/pci/ctxfi/ctpcm.c: Remove potential for use after free 2010-11-11 02:03:00 +01:00
echoaudio ALSA: echoaudio: check kmalloc() result 2010-07-19 17:59:04 +02:00
emu10k1 sound: Remove unnecessary casts of private_data 2010-09-07 08:05:59 +02:00
hda ALSA: HDA: Enable digital mic on IDT 92HD87B 2010-11-11 02:01:07 +01:00
ice1712 sound: Remove unnecessary casts of private_data 2010-09-07 08:05:59 +02:00
korg1212 sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
lx6464es ALSA: lx6464es - make 1 bit signed bitfield unsigned 2010-11-01 10:28:35 +01:00
mixart ALSA: sound/mixart: avoid redefining {readl,write}_{le,be} accessors 2010-11-11 02:02:20 +01:00
nm256 sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
oxygen Merge branch 'fix/misc' into topic/misc 2010-10-11 13:45:22 +02:00
pcxhr sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
riptide ALSA: riptide - Fix detection / load of firmware files 2010-08-16 08:08:48 +02:00
rme9652 Merge branch 'fix/misc' into topic/misc 2010-10-11 13:45:22 +02:00
trident fix typos concerning "initiali[zs]e" 2010-06-16 18:05:05 +02:00
vx222 sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
ymfpci sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
ad1889.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
ad1889.h [ALSA] ad1889: add AD1889 driver 2005-09-12 10:40:17 +02:00
ak4531_codec.c ALSA: Fix missing KERN_* prefix to printk in sound/pci 2009-02-05 16:11:31 +01:00
als300.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
als4000.c ALSA: als4000: Fix potentially invalid DMA mode setup 2010-08-04 23:18:33 +02:00
atiixp_modem.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
atiixp.c Merge branch 'fix/misc' into topic/misc 2010-02-17 14:24:46 +01:00
azt3328.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
azt3328.h ALSA: azt3328: fix previous breakage, improve suspend, cleanups 2009-07-15 12:03:26 +02:00
bt87x.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
cmipci.c ALSA: cmipci: work around invalid PCM pointer 2010-03-24 08:02:11 +01:00
cs4281.c ALSA: info - Check file position validity in common layer 2010-04-13 12:01:14 +02:00
cs5530.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ens1370.c Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
ens1371.c
es1938.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
es1968.c ALSA: es1968: Clear interrupts before enabling them 2010-05-08 11:51:06 +02:00
fm801.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
intel8x0.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
intel8x0m.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
Kconfig ALSA: virtuoso: update Kconfig text 2010-09-09 10:53:43 +02:00
maestro3.c ALSA: maestro3: Clear interrupts before enabling them 2010-05-08 11:51:13 +02:00
Makefile ALSA: Add support of AudioScience ASI boards 2010-04-22 07:21:53 +02:00
rme32.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rme96.c sound: Remove unnecessary casts of private_data 2010-09-07 08:05:59 +02:00
sis7019.c sis7019: increase reset delays 2010-06-28 09:42:22 +02:00
sis7019.h trivial: fix typos s/paramter/parameter/ and s/excute/execute/ in documentation and source comments. 2009-06-12 18:01:46 +02:00
sonicvibes.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
via82xx_modem.c sound: use DEFINE_PCI_DEVICE_TABLE 2010-02-09 11:08:33 +01:00
via82xx.c ALSA: via82xx: allow changing the initial DXS volume 2010-07-12 17:25:27 +02:00