From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9710C433E0 for ; Tue, 26 Jan 2021 08:21:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 76BF7221EA for ; Tue, 26 Jan 2021 08:21:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388775AbhAZIV0 (ORCPT ); Tue, 26 Jan 2021 03:21:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:58344 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727118AbhAYSm2 (ORCPT ); Mon, 25 Jan 2021 13:42:28 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id D3F67224F9; Mon, 25 Jan 2021 18:41:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1611600071; bh=NA7f1FBcFwBO4Z4vA6XRI2QVvmWbgDAdsDCAp1KwOOM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CsAQ24NaLByLMUg9itTQU1t5l96uhYGw+FhkzXHi50xHzwD9MYWO6Ek9JVbyQzmBN 520/p+k7hbnPaWW32tb7sP0KxxuQWzVeGOGCkTUNnWuaYhIIQvKPCuBKaekAqeya7d JqFcZ+v4KI6dhIGCKlNWEQ+BBUH7AvSkIvf+/c9g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com, Takashi Iwai Subject: [PATCH 4.19 02/58] ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() Date: Mon, 25 Jan 2021 19:39:03 +0100 Message-Id: <20210125183156.810065558@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210125183156.702907356@linuxfoundation.org> References: <20210125183156.702907356@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Takashi Iwai commit 217bfbb8b0bfa24619b11ab75c135fec99b99b20 upstream. snd_seq_oss_synth_make_info() didn't check the error code from snd_seq_oss_midi_make_info(), and this leads to the call of strlcpy() with the uninitialized string as the source, which may lead to the access over the limit. Add the proper error check for avoiding the failure. Reported-by: syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20210115093428.15882-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/core/seq/oss/seq_oss_synth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/sound/core/seq/oss/seq_oss_synth.c +++ b/sound/core/seq/oss/seq_oss_synth.c @@ -624,7 +624,8 @@ snd_seq_oss_synth_make_info(struct seq_o if (info->is_midi) { struct midi_info minf; - snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf); + if (snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf)) + return -ENXIO; inf->synth_type = SYNTH_TYPE_MIDI; inf->synth_subtype = 0; inf->nr_voices = 16;