Commit c58e3689 authored Aug 08, 2024 by Chengfeng Ye Committed by Kaixiong Yu Aug 08, 2024

ALSA: gus: fix null pointer dereference on pointer block

stable inclusion
from stable-v4.19.218
commit ab4c1ebc40f699f48346f634d7b72b9c5193f315
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9FNFE
CVE: CVE-2021-47207

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ab4c1ebc40f699f48346f634d7b72b9c5193f315



--------------------------------

[ Upstream commit a0d21bb3 ]

The pointer block return from snd_gf1_dma_next_block could be
null, so there is a potential null pointer dereference issue.
Fix this by adding a null check before dereference.

Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Link: https://lore.kernel.org/r/20211024104611.9919-1-cyeaa@connect.ust.hk


Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kaixiong Yu <yukaixiong@huawei.com>

parent c9fdcc30

sound/isa/gus/gus_dma.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -141,6 +141,8 @@ static void snd_gf1_dma_interrupt(struct snd_gus_card * gus)
		}
		block = snd_gf1_dma_next_block(gus);
		spin_unlock(&gus->dma_lock);
		if (!block)
		return;
		snd_gf1_dma_program(gus, block->addr, block->buf_addr, block->count, (unsigned short) block->cmd);
		kfree(block);
		#if 0