[PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session
@ 2025-06-24  9:00 Pei Xiao
  2025-06-25  6:29 ` Takashi Iwai
  0 siblings, 1 reply; 2+ messages in thread
From: Pei Xiao @ 2025-06-24  9:00 UTC (permalink / raw)
  To: tiwai, perex, quic_wcheng, linux-sound, linux-kernel; +Cc: Pei Xiao

The find_substream() call may return NULL, but the error path
dereferenced 'subs' unconditionally via dev_err(&subs->dev->dev, ...),
causing a NULL pointer dereference when subs is NULL.

Fix by switching to &uadev[idx].udev->dev which is always valid
in this context.

Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
---
v2: use uadev[idx].udev->dev
---
 sound/usb/qcom/qc_audio_offload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/usb/qcom/qc_audio_offload.c b/sound/usb/qcom/qc_audio_offload.c
index 5bc27c82e0af..975c1f93e48f 100644
--- a/sound/usb/qcom/qc_audio_offload.c
+++ b/sound/usb/qcom/qc_audio_offload.c
@@ -759,7 +759,7 @@ static void qmi_stop_session(void)
 			subs = find_substream(pcm_card_num, info->pcm_dev_num,
 					      info->direction);
 			if (!subs || !chip || atomic_read(&chip->shutdown)) {
-				dev_err(&subs->dev->dev,
+				dev_err(&uadev[idx].udev->dev,
 					"no sub for c#%u dev#%u dir%u\n",
 					info->pcm_card_num,
 					info->pcm_dev_num,
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session
  2025-06-24  9:00 [PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session Pei Xiao
@ 2025-06-25  6:29 ` Takashi Iwai
  0 siblings, 0 replies; 2+ messages in thread
From: Takashi Iwai @ 2025-06-25  6:29 UTC (permalink / raw)
  To: Pei Xiao; +Cc: tiwai, perex, quic_wcheng, linux-sound, linux-kernel

On Tue, 24 Jun 2025 11:00:47 +0200,
Pei Xiao wrote:
> 
> The find_substream() call may return NULL, but the error path
> dereferenced 'subs' unconditionally via dev_err(&subs->dev->dev, ...),
> causing a NULL pointer dereference when subs is NULL.
> 
> Fix by switching to &uadev[idx].udev->dev which is always valid
> in this context.
> 
> Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>

Applied now.  Thanks.


Takashi

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-06-25  6:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-24  9:00 [PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session Pei Xiao
2025-06-25  6:29 ` Takashi Iwai

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).