ALSA: info: Drop WARN_ON() from buffer NULL sanity check
commit 60379ba085
upstream.
snd_info_get_line() has a sanity check of NULL buffer -- both buffer
itself being NULL and buffer->buffer being NULL. Basically both
checks are valid and necessary, but the problem is that it's with
snd_BUG_ON() macro that triggers WARN_ON(). The latter condition
(NULL buffer->buffer) can be met arbitrarily by user since the buffer
is allocated at the first write, so it means that user can trigger
WARN_ON() at will.
This patch addresses it by simply moving buffer->buffer NULL check out
of snd_BUG_ON() so that spurious WARNING is no longer triggered.
Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
5.4-rM2-2.2.x-imx-squashed
parent
aad343d571
commit
0f87dabe44
|
@ -608,7 +608,9 @@ int snd_info_get_line(struct snd_info_buffer *buffer, char *line, int len)
|
|||
{
|
||||
int c = -1;
|
||||
|
||||
if (snd_BUG_ON(!buffer || !buffer->buffer))
|
||||
if (snd_BUG_ON(!buffer))
|
||||
return 1;
|
||||
if (!buffer->buffer)
|
||||
return 1;
|
||||
if (len <= 0 || buffer->stop || buffer->error)
|
||||
return 1;
|
||||
|
|
Loading…
Reference in New Issue