[PATCH 0/5] ASoC: small fixes for bugs reported by Coverity

[PATCH 0/5] ASoC: small fixes for bugs reported by Coverity

[Takashi Iwai]

Hi,

this is another series of small fixes for bugs reported by Coverity,
this time about ASoC core codes.


Takashi

[PATCH 1/5] ASoC: Use strlcpy() for copying in snd_soc_info_enum_double()

[Takashi Iwai]

The provided texts aren't guaranteed to be in the fixed size.
Spotted by coverity CID 139318.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/soc/soc-core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index afc3fa8..bdc1d74 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -2551,8 +2551,9 @@ int snd_soc_info_enum_double(struct snd_kcontrol *kcontrol,
 
 	if (uinfo->value.enumerated.item > e->max - 1)
 		uinfo->value.enumerated.item = e->max - 1;
-	strcpy(uinfo->value.enumerated.name,
-		e->texts[uinfo->value.enumerated.item]);
+	strlcpy(uinfo->value.enumerated.name,
+		e->texts[uinfo->value.enumerated.item],
+		sizeof(uinfo->value.enumerated.name));
 	return 0;
 }
 EXPORT_SYMBOL_GPL(snd_soc_info_enum_double);
-- 
1.8.4.1

[PATCH 2/5] ASoC: DAPM: Fix use after free in error path

[Takashi Iwai]

The error message in dapm_create_or_share_mixmux_kcontrol() refers to
the string "name", which may be "long_name" that has been already
freed.  Delay the release of long_name to the place just before return.

Spotted by coverity CID 1042678.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/soc/soc-dapm.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 2fb0b72..d2ff080 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -687,7 +687,7 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
 	int shared;
 	struct snd_kcontrol *kcontrol;
 	bool wname_in_long_name, kcname_in_long_name;
-	char *long_name;
+	char *long_name = NULL;
 	const char *name;
 	int ret;
 
@@ -745,24 +745,23 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
 
 			name = long_name;
 		} else if (wname_in_long_name) {
-			long_name = NULL;
 			name = w->name + prefix_len;
 		} else {
-			long_name = NULL;
 			name = w->kcontrol_news[kci].name;
 		}
 
 		kcontrol = snd_soc_cnew(&w->kcontrol_news[kci], NULL, name,
 					prefix);
-		kfree(long_name);
-		if (!kcontrol)
-			return -ENOMEM;
+		if (!kcontrol) {
+			ret = -ENOMEM;
+			goto error;
+		}
 		kcontrol->private_free = dapm_kcontrol_free;
 
 		ret = dapm_kcontrol_data_alloc(w, kcontrol);
 		if (ret) {
 			snd_ctl_free_one(kcontrol);
-			return ret;
+			goto error;
 		}
 
 		ret = snd_ctl_add(card, kcontrol);
@@ -770,16 +769,18 @@ static int dapm_create_or_share_mixmux_kcontrol(struct snd_soc_dapm_widget *w,
 			dev_err(dapm->dev,
 				"ASoC: failed to add widget %s dapm kcontrol %s: %d\n",
 				w->name, name, ret);
-			return ret;
+			goto error;
 		}
 	}
 
 	ret = dapm_kcontrol_add_widget(kcontrol, w);
 	if (ret)
-		return ret;
+		goto error;
 
 	w->kcontrols[kci] = kcontrol;
 
+ error:
+	kfree(long_name);
 	return 0;
 }
 
-- 
1.8.4.1

[PATCH 3/5] ASoC: DAPM: Fix uninitialized return value from snd_soc_dai_link_event()

[Takashi Iwai]

In a slightest path (both source and sink hw_params are NULL), the
function may return an uninitialized value.

Spotted by coverity CID 703453.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/soc/soc-dapm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index d2ff080..c21c8e7 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3428,6 +3428,8 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w,
 				goto out;
 			}
 		}
+
+		ret = 0;
 		break;
 
 	case SND_SOC_DAPM_POST_PMU:
-- 
1.8.4.1

[PATCH 4/5] ASoC: DAPM: Fix source list debugfs outputs

[Takashi Iwai]

... due to a copy & paste error.

Spotted by coverity CID 710923.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/soc/soc-dapm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index c21c8e7..8ab2b35 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -1975,7 +1975,7 @@ static ssize_t dapm_widget_power_read_file(struct file *file,
 				w->active ? "active" : "inactive");
 
 	list_for_each_entry(p, &w->sources, list_sink) {
-		if (p->connected && !p->connected(w, p->sink))
+		if (p->connected && !p->connected(w, p->source))
 			continue;
 
 		if (p->connect)
-- 
1.8.4.1

[PATCH 5/5] ASoC: DAPM: Return -ENOMEM in snd_soc_dapm_new_dai_widgets()

[Takashi Iwai]

... instead of NULL dereferences.

Spotted by coverity CID 402004.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/soc/soc-dapm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 8ab2b35..458c672 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3528,6 +3528,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm,
 		if (!w) {
 			dev_err(dapm->dev, "ASoC: Failed to create %s widget\n",
 				dai->driver->playback.stream_name);
+			return -ENOMEM;
 		}
 
 		w->priv = dai;
@@ -3546,6 +3547,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm,
 		if (!w) {
 			dev_err(dapm->dev, "ASoC: Failed to create %s widget\n",
 				dai->driver->capture.stream_name);
+			return -ENOMEM;
 		}
 
 		w->priv = dai;
-- 
1.8.4.1

Re: [PATCH 1/5] ASoC: Use strlcpy() for copying in snd_soc_info_enum_double()

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 178 bytes --]

On Mon, Oct 28, 2013 at 02:21:46PM +0100, Takashi Iwai wrote:
> The provided texts aren't guaranteed to be in the fixed size.
> Spotted by coverity CID 139318.

Applied, thanks.

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: [PATCH 2/5] ASoC: DAPM: Fix use after free in error path

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 340 bytes --]

On Mon, Oct 28, 2013 at 02:21:47PM +0100, Takashi Iwai wrote:
> The error message in dapm_create_or_share_mixmux_kcontrol() refers to
> the string "name", which may be "long_name" that has been already
> freed.  Delay the release of long_name to the place just before return.

Applied, thanks.  Please use "dapm" not "DAPM" in the subject.

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: [PATCH 3/5] ASoC: DAPM: Fix uninitialized return value from snd_soc_dai_link_event()

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 195 bytes --]

On Mon, Oct 28, 2013 at 02:21:48PM +0100, Takashi Iwai wrote:
> In a slightest path (both source and sink hw_params are NULL), the
> function may return an uninitialized value.

Applied, thanks.

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: [PATCH 4/5] ASoC: DAPM: Fix source list debugfs outputs

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 115 bytes --]

On Mon, Oct 28, 2013 at 02:21:49PM +0100, Takashi Iwai wrote:
> ... due to a copy & paste error.

Applied, thanks.

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: [PATCH 5/5] ASoC: DAPM: Return -ENOMEM in snd_soc_dapm_new_dai_widgets()

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 116 bytes --]

On Mon, Oct 28, 2013 at 02:21:50PM +0100, Takashi Iwai wrote:
> ... instead of NULL dereferences.

Applied, thanks.

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]