Re: [patch] Fix snd-usb-audio in 32-bit compat environemt

From: Alexey Dobriyan
Date: Sun Feb 19 2006 - 12:55:03 EST

Next message: Greg KH: "Re: don't bother users with unimportant messages."
Previous message: Greg KH: "Re: [PATCH, RFC] sysfs: relay channel buffers as sysfs attributes"
In reply to: Juergen Kreileder: "[patch] Fix snd-usb-audio in 32-bit compat environemt"
Next in thread: Juergen Kreileder: "Re: [patch] Fix snd-usb-audio in 32-bit compat environemt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Feb 18, 2006 at 07:50:37PM +0100, Juergen Kreileder wrote:
> I'm getting oopses with snd-usb-audio in 32-bit compat environments:
> control_compat.c:get_ctl_type() doesn't initialize 'info', so
> 'itemlist[uinfo->value.enumerated.item]' in
> usbmixer.c:mixer_ctl_selector_info() might access random memory
> (The 'if ((int)uinfo->value.enumerated.item >= cval->max)' doesn't fix
> all problems because of the unsigned -> signed conversion.)

IMO, what you did is an overkill. Does this patch fixes your problem?

Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>

--- a/sound/core/control_compat.c
+++ b/sound/core/control_compat.c
@@ -176,6 +176,7 @@ static int get_ctl_type(struct snd_card
up_read(&card->controls_rwsem);
return -ENXIO;
}
+ memset(info, 0, sizeof(struct snd_ctl_elem_info));
info.id = *id;
err = kctl->info(kctl, &info);
up_read(&card->controls_rwsem);

> --- linux-mm-vanilla/sound/core/control_compat.c
> +++ linux-mm/sound/core/control_compat.c
> @@ -167,7 +167,7 @@ static int get_ctl_type(struct snd_card
> int *countp)
> {
> struct snd_kcontrol *kctl;
> - struct snd_ctl_elem_info info;
> + struct snd_ctl_elem_info *info;
> int err;
>
> down_read(&card->controls_rwsem);
> @@ -176,13 +176,19 @@ static int get_ctl_type(struct snd_card
> up_read(&card->controls_rwsem);
> return -ENXIO;
> }
> - info.id = *id;
> - err = kctl->info(kctl, &info);
> + info = kzalloc(sizeof(*info), GFP_KERNEL);
> + if (info == NULL) {
> + up_read(&card->controls_rwsem);
> + return -ENOMEM;
> + }
> + info->id = *id;
> + err = kctl->info(kctl, info);
> up_read(&card->controls_rwsem);
> if (err >= 0) {
> - err = info.type;
> - *countp = info.count;
> + err = info->type;
> + *countp = info->count;
> }
> + kfree(info);
> return err;
> }

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: don't bother users with unimportant messages."
Previous message: Greg KH: "Re: [PATCH, RFC] sysfs: relay channel buffers as sysfs attributes"
In reply to: Juergen Kreileder: "[patch] Fix snd-usb-audio in 32-bit compat environemt"
Next in thread: Juergen Kreileder: "Re: [patch] Fix snd-usb-audio in 32-bit compat environemt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]