public inbox for kernel-janitors@vger.kernel.org
* [PATCH] ALSA: firewire-digi00x: prevent potential use after free
@ 2023-05-09  9:07 Dan Carpenter
  2023-05-12  8:18 ` Takashi Iwai
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2023-05-09  9:07 UTC (permalink / raw)
  To: Takashi Sakamoto
  Cc: Clemens Ladisch, Jaroslav Kysela, Takashi Iwai, alsa-devel,
	kernel-janitors

This code was supposed to return an error code if init_stream()
failed, but it instead freed dg00x->rx_stream and returned success.
This potentially leads to a use after free.

Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 sound/firewire/digi00x/digi00x-stream.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sound/firewire/digi00x/digi00x-stream.c b/sound/firewire/digi00x/digi00x-stream.c
index a15f55b0dce3..295163bb8abb 100644
--- a/sound/firewire/digi00x/digi00x-stream.c
+++ b/sound/firewire/digi00x/digi00x-stream.c
@@ -259,8 +259,10 @@ int snd_dg00x_stream_init_duplex(struct snd_dg00x *dg00x)
 		return err;
 
 	err = init_stream(dg00x, &dg00x->tx_stream);
-	if (err < 0)
+	if (err < 0) {
 		destroy_stream(dg00x, &dg00x->rx_stream);
+		return err;
+	}
 
 	err = amdtp_domain_init(&dg00x->domain);
 	if (err < 0) {
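
Review bot: the changelog should say how the old code came to return success, since that is the path to the use after free. In the `init_stream(dg00x, &dg00x->tx_stream)` failure branch there was no return after `destroy_stream(dg00x, &dg00x->rx_stream)`, so execution fell through to `err = amdtp_domain_init(&dg00x->domain)`, which overwrites the negative err; if that call succeeds, the caller proceeds with rx_stream already destroyed. Adding one sentence to that effect would help anyone judging the backport. The braces plus `return err;` are the minimal fix for this; if more init steps are added here later, a single goto-based unwind path would keep the teardown order in one place.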
-- 
2.39.2


* Re: [PATCH] ALSA: firewire-digi00x: prevent potential use after free
  2023-05-09  9:07 [PATCH] ALSA: firewire-digi00x: prevent potential use after free Dan Carpenter
@ 2023-05-12  8:18 ` Takashi Iwai
  2023-05-12 13:44   ` Takashi Sakamoto
  0 siblings, 1 reply; 3+ messages in thread
From: Takashi Iwai @ 2023-05-12  8:18 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Takashi Sakamoto, Clemens Ladisch, Jaroslav Kysela, Takashi Iwai,
	alsa-devel, kernel-janitors

On Tue, 09 May 2023 11:07:11 +0200,
Dan Carpenter wrote:
> 
> This code was supposed to return an error code if init_stream()
> failed, but it instead freed dg00x->rx_stream and returned success.
> This potentially leads to a use after free.
> 
> Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Thanks, applied now.


Takashi

* Re: [PATCH] ALSA: firewire-digi00x: prevent potential use after free
  2023-05-12  8:18 ` Takashi Iwai
@ 2023-05-12 13:44   ` Takashi Sakamoto
  0 siblings, 0 replies; 3+ messages in thread
From: Takashi Sakamoto @ 2023-05-12 13:44 UTC (permalink / raw)
  To: Takashi Iwai
  Cc: Dan Carpenter, Clemens Ladisch, Jaroslav Kysela, Takashi Iwai,
	alsa-devel, kernel-janitors

Hi,

On Fri, May 12, 2023 at 10:18:54AM +0200, Takashi Iwai wrote:
> On Tue, 09 May 2023 11:07:11 +0200,
> Dan Carpenter wrote:
> > 
> > This code was supposed to return an error code if init_stream()
> > failed, but it instead freed dg00x->rx_stream and returned success.
> > This potentially leads to a use after free.
> > 
> > Fixes: 9a08067ec318 ("ALSA: firewire-digi00x: support AMDTP domain")
> > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> 
> Thanks, applied now.

I overlooked the patch. It looks good to me as well.

Acked-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>


Thanks

Takashi Sakamoto
