From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1D41C433E6 for ; Mon, 25 Jan 2021 18:50:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 91B04224D4 for ; Mon, 25 Jan 2021 18:50:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731064AbhAYSuI (ORCPT ); Mon, 25 Jan 2021 13:50:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:58346 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728705AbhAYSnq (ORCPT ); Mon, 25 Jan 2021 13:43:46 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id EAF34207B3; Mon, 25 Jan 2021 18:43:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1611600203; bh=nHqKweedei2LYxtp/IjBgHO4pOd3oRIKcYCJ268FmtQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vTTbZhaGpPuJfqF37jtXgEQtypSChz9y7BJLmpNWtths6046pCX8qu+0WbGE1qyvT 9jbBh1ZZjfKDfkoKPSppwi1RfxL8jS97E2NHJSFbJBmw/fpYOR87vjzjy9QMhkKk1B /WsefhFU6v1Opwe4xJmzjYwuHRfc/2977YZGv9uQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com, Takashi Iwai Subject: [PATCH 5.4 04/86] ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() Date: Mon, 25 Jan 2021 19:38:46 +0100 Message-Id: <20210125183201.223332147@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210125183201.024962206@linuxfoundation.org> References: <20210125183201.024962206@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Takashi Iwai commit 217bfbb8b0bfa24619b11ab75c135fec99b99b20 upstream. snd_seq_oss_synth_make_info() didn't check the error code from snd_seq_oss_midi_make_info(), and this leads to the call of strlcpy() with the uninitialized string as the source, which may lead to the access over the limit. Add the proper error check for avoiding the failure. Reported-by: syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20210115093428.15882-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/core/seq/oss/seq_oss_synth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/sound/core/seq/oss/seq_oss_synth.c +++ b/sound/core/seq/oss/seq_oss_synth.c @@ -611,7 +611,8 @@ snd_seq_oss_synth_make_info(struct seq_o if (info->is_midi) { struct midi_info minf; - snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf); + if (snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf)) + return -ENXIO; inf->synth_type = SYNTH_TYPE_MIDI; inf->synth_subtype = 0; inf->nr_voices = 16;