alsa-devel.alsa-project.org archive mirror
* [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed
@ 2014-06-27 18:13 JongHo Kim
  2014-06-27 19:00 ` Jaroslav Kysela
  0 siblings, 1 reply; 2+ messages in thread
From: JongHo Kim @ 2014-06-27 18:13 UTC (permalink / raw)
  To: Takashi Iwai, Jaroslav Kysela; +Cc: alsa-devel, Tim Gardner, Mark Brown

From a46df32a4fc184364be45ffe8957d5a20818d979 Mon Sep 17 00:00:00 2001
From: JongHo Kim <furmuwon@gmail.com>
Date: Sat, 28 Jun 2014 02:49:13 +0900
Subject: [PATCH] ALSA: Remove the runtime local variable in
  snd_pcm_period_elapsed

The local runtime variable in snd_pcm_period_elapsed has the value
of substream->runtime. If the substream->runtime memory was freed,
the local runtime variable can point to invalid memory.
If this is not fixed, it can refer to freed memory.
This patch removes the local runtime variable and checks for NULL directly.

Signed-off-by: JongHo Kim <furmuwon@gmail.com>
---
  sound/core/pcm_lib.c | 14 +++++++-------
  1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
index 9acc77e..c3de2d3 100644
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1836,15 +1836,13 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl);
   */
  void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
  {
-	struct snd_pcm_runtime *runtime;
  	unsigned long flags;

  	if (PCM_RUNTIME_CHECK(substream))
  		return;
-	runtime = substream->runtime;

-	if (runtime->transfer_ack_begin)
-		runtime->transfer_ack_begin(substream);
+	if (substream->runtime && substream->runtime->transfer_ack_begin)
+		substream->runtime->transfer_ack_begin(substream);

  	snd_pcm_stream_lock_irqsave(substream, flags);
  	if (!snd_pcm_running(substream) ||
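
Review bot: the added test and the transfer_ack_begin() call on the two `+` lines each load substream->runtime separately, and both run before snd_pcm_stream_lock_irqsave(), so nothing visible here stops the runtime from being released between the check and the call; the window described in the commit message is narrowed, not closed. A comparison against NULL also cannot detect a pointer that was freed without being cleared. There is already an early return on PCM_RUNTIME_CHECK(substream) just above, so please state in the commit message which path releases the runtime while a period interrupt can still arrive, and fix the ordering there (stop the stream and quiesce the interrupt before the runtime is released) instead of re-testing the pointer at each use.
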
@@ -1855,9 +1853,11 @@ void snd_pcm_period_elapsed(struct 
snd_pcm_substream *substream)
  		snd_timer_interrupt(substream->timer, 1);
   _end:
  	snd_pcm_stream_unlock_irqrestore(substream, flags);
-	if (runtime->transfer_ack_end)
-		runtime->transfer_ack_end(substream);
-	kill_fasync(&runtime->fasync, SIGIO, POLL_IN);
+	if (substream->runtime && substream->runtime->transfer_ack_end)
+		substream->runtime->transfer_ack_end(substream);
+
+	if (substream->runtime)
+		kill_fasync(&substream->runtime->fasync, SIGIO, POLL_IN);
  }

  EXPORT_SYMBOL(snd_pcm_period_elapsed);
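
Review bot: after snd_pcm_stream_unlock_irqrestore() the new lines read substream->runtime three more times with no lock held, so the `if (substream->runtime)` in front of kill_fasync() can pass and the pointer can still change before `&substream->runtime->fasync` is evaluated. If the runtime can really go away while this function runs, these accesses need a defined lifetime rule, documented in the function comment and enforced by the caller; if it cannot, the added checks are dead code and the original local variable is clearer. Separately, the hunk header is wrapped onto a second line (`snd_pcm_substream *substream)`), so the patch will not apply as mailed; resend it unmangled, for example with git send-email.
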
-- 
1.8.1.2


* Re: [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed
  2014-06-27 18:13 [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed JongHo Kim
@ 2014-06-27 19:00 ` Jaroslav Kysela
  0 siblings, 0 replies; 2+ messages in thread
From: Jaroslav Kysela @ 2014-06-27 19:00 UTC (permalink / raw)
  To: JongHo Kim, Takashi Iwai; +Cc: alsa-devel, Tim Gardner, Mark Brown

Date 27.6.2014 20:13, JongHo Kim wrote:
> From a46df32a4fc184364be45ffe8957d5a20818d979 Mon Sep 17 00:00:00 2001
> From: JongHo Kim <furmuwon@gmail.com>
> Date: Sat, 28 Jun 2014 02:49:13 +0900
> Subject: [PATCH] ALSA: Remove the runtime local variable in
>   snd_pcm_period_elapsed
> 
> The local runtime variable in snd_pcm_period_elapsed has the value
> of substream->runtime. If the substream->runtime memory was freed,
> the local runtime variable can point to invalid memory.
> If this is not fixed, it can refer to freed memory.
> This patch removes the local runtime variable and checks for NULL directly.

This patch looks wrong. Besides the wrong fix, the elapsed function MUST
NOT be called when the stream is inactive (stopped). The PCM core
functions call the stop callback for the low-level drivers. It appears
like an issue in the hardware driver.

					Jaroslav

> 
> Signed-off-by: JongHo Kim <furmuwon@gmail.com>
> ---
>   sound/core/pcm_lib.c | 14 +++++++-------
>   1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
> index 9acc77e..c3de2d3 100644
> --- a/sound/core/pcm_lib.c
> +++ b/sound/core/pcm_lib.c
> @@ -1836,15 +1836,13 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl);
>    */
>   void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
>   {
> -	struct snd_pcm_runtime *runtime;
>   	unsigned long flags;
> 
>   	if (PCM_RUNTIME_CHECK(substream))
>   		return;
> -	runtime = substream->runtime;
> 
> -	if (runtime->transfer_ack_begin)
> -		runtime->transfer_ack_begin(substream);
> +	if (substream->runtime && substream->runtime->transfer_ack_begin)
> +		substream->runtime->transfer_ack_begin(substream);
> 
>   	snd_pcm_stream_lock_irqsave(substream, flags);
>   	if (!snd_pcm_running(substream) ||
> @@ -1855,9 +1853,11 @@ void snd_pcm_period_elapsed(struct 
> snd_pcm_substream *substream)
>   		snd_timer_interrupt(substream->timer, 1);
>    _end:
>   	snd_pcm_stream_unlock_irqrestore(substream, flags);
> -	if (runtime->transfer_ack_end)
> -		runtime->transfer_ack_end(substream);
> -	kill_fasync(&runtime->fasync, SIGIO, POLL_IN);
> +	if (substream->runtime && substream->runtime->transfer_ack_end)
> +		substream->runtime->transfer_ack_end(substream);
> +
> +	if (substream->runtime)
> +		kill_fasync(&substream->runtime->fasync, SIGIO, POLL_IN);
>   }
> 
>   EXPORT_SYMBOL(snd_pcm_period_elapsed);
> 


-- 
Jaroslav Kysela <perex@perex.cz>
Linux Kernel Sound Maintainer
ALSA Project; Red Hat, Inc.
