From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com,
Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 4.4 12/54] ALSA: info: Drop WARN_ON() from buffer NULL sanity check
Date: Thu, 30 Jul 2020 10:04:51 +0200 [thread overview]
Message-ID: <20200730074421.806017336@linuxfoundation.org> (raw)
In-Reply-To: <20200730074421.203879987@linuxfoundation.org>
From: Takashi Iwai <tiwai@suse.de>
commit 60379ba08532eca861e933b389526a4dc89e0c42 upstream.
snd_info_get_line() has a sanity check of NULL buffer -- both buffer
itself being NULL and buffer->buffer being NULL. Basically both
checks are valid and necessary, but the problem is that it's with
snd_BUG_ON() macro that triggers WARN_ON(). The latter condition
(NULL buffer->buffer) can be met arbitrarily by user since the buffer
is allocated at the first write, so it means that user can trigger
WARN_ON() at will.
This patch addresses it by simply moving buffer->buffer NULL check out
of snd_BUG_ON() so that spurious WARNING is no longer triggered.
Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/info.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/core/info.c
+++ b/sound/core/info.c
@@ -634,7 +634,9 @@ int snd_info_get_line(struct snd_info_bu
{
int c = -1;
- if (snd_BUG_ON(!buffer || !buffer->buffer))
+ if (snd_BUG_ON(!buffer))
+ return 1;
+ if (!buffer->buffer)
return 1;
if (len <= 0 || buffer->stop || buffer->error)
return 1;
next prev parent reply other threads:[~2020-07-30 8:16 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-30 8:04 [PATCH 4.4 00/54] 4.4.232-rc1 review Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 01/54] pinctrl: amd: fix npins for uart0 in kerncz_groups Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 02/54] mac80211: allow rx of mesh eapol frames with default rx key Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 03/54] scsi: scsi_transport_spi: Fix function pointer check Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 04/54] xtensa: fix __sync_fetch_and_{and,or}_4 declarations Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 05/54] xtensa: update *pos in cpuinfo_op.next Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 06/54] drivers/net/wan/lapbether: Fixed the value of hard_header_len Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 07/54] net: sky2: initialize return of gm_phy_read Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 08/54] drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 09/54] SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 10/54] perf/core: Fix locking for children siblings group read Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 11/54] uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression Greg Kroah-Hartman
2020-07-30 8:04 ` Greg Kroah-Hartman [this message]
2020-07-30 8:04 ` [PATCH 4.4 13/54] ASoC: rt5670: Correct RT5670_LDO_SEL_MASK Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 14/54] btrfs: fix double free on ulist after backref resolution failure Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 15/54] x86/fpu: Disable bottom halves while loading FPU registers Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 16/54] btrfs: fix mount failure caused by race with umount Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 17/54] hippi: Fix a size used in a pci_free_consistent() in an error handling path Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 18/54] ax88172a: fix ax88172a_unbind() failures Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 19/54] net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration Greg Kroah-Hartman
2020-07-30 8:04 ` [PATCH 4.4 20/54] net: smc91x: Fix possible memory leak in smc_drv_probe() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 21/54] scripts/decode_stacktrace: strip basepath from all paths Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 22/54] regmap: dev_get_regmap_match(): fix string comparison Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 23/54] usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 24/54] arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 25/54] x86: math-emu: Fix up cmp insn for clang ias Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 26/54] Revert "cifs: Fix the target file was deleted when rename failed." Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 27/54] staging: wlan-ng: properly check endpoint types Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 28/54] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 29/54] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 30/54] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 31/54] staging: comedi: addi_apci_1564: " Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 32/54] serial: 8250: fix null-ptr-deref in serial8250_start_tx() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 33/54] serial: 8250_mtk: Fix high-speed baud rates clamping Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 34/54] mm/memcg: fix refcount error while moving and swapping Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 35/54] parisc: Add atomic64_set_release() define to avoid CPU soft lockups Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 36/54] ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 37/54] ath9k: Fix regression with Atheros 9271 Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 38/54] AX.25: Fix out-of-bounds read in ax25_connect() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 39/54] AX.25: Prevent out-of-bounds read in ax25_sendmsg() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 40/54] net-sysfs: add a newline when printing tx_timeout by sysfs Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 41/54] net: udp: Fix wrong clean up for IS_UDPLITE macro Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 42/54] AX.25: Prevent integer overflows in connect and sendmsg Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 43/54] tcp: allow at most one TLP probe per flight Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 44/54] rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 45/54] ip6_gre: fix null-ptr-deref in ip6gre_init_net() Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 46/54] drivers/net/wan/x25_asy: Fix to make it work Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 47/54] Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 48/54] regmap: debugfs: check count when read regmap file Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 49/54] xfs: set format back to extents if xfs_bmap_extents_to_btree Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 50/54] tools/lib/subcmd/pager.c: do not alias select() params Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 51/54] perf: Make perf able to build with latest libbfd Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 52/54] perf tools: Fix snprint warnings for gcc 8 Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 53/54] perf annotate: Use asprintf when formatting objdump command line Greg Kroah-Hartman
2020-07-30 8:05 ` [PATCH 4.4 54/54] perf probe: Fix to check blacklist address correctly Greg Kroah-Hartman
2020-07-30 16:46 ` [PATCH 4.4 00/54] 4.4.232-rc1 review Guenter Roeck
2020-07-31 12:41 ` Jon Hunter
2020-07-31 12:47 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200730074421.806017336@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.