Skip to content
Unverified Commit 3420fdb8 authored by Gaosheng Cui's avatar Gaosheng Cui Committed by Mark Brown
Browse files

ASoC: amd: acp: Fix possible UAF in acp_dma_open 



Smatch report warning as follows:

sound/soc/amd/acp/acp-platform.c:199 acp_dma_open() warn:
  '&stream->list' not removed from list

If snd_pcm_hw_constraint_integer() fails in acp_dma_open(),
stream will be freed, but stream->list will not be removed from
adata->stream_list, then list traversal may cause UAF.

Fix by adding the newly allocated stream to the list once it's fully
initialised.

Fixes: 7929985c ("ASoC: amd: acp: Initialize list to store acp_stream during pcm_open")
Signed-off-by: default avatarGaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221118030056.3135960-1-cuigaosheng1@huawei.com


Signed-off-by: default avatarMark Brown <broonie@kernel.org>
parent 13c459fa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment