Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Blob Blame History Raw

From b97053df0f04747c3c1e021ecbe99db675342954 Mon Sep 17 00:00:00 2001
From: Chengfeng Ye <cyeaa@connect.ust.hk>
Date: Sun, 24 Oct 2021 04:17:36 -0700
Subject: [PATCH] ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
Git-commit: b97053df0f04747c3c1e021ecbe99db675342954
Patch-mainline: v5.16-rc1
References: CVE-2021-47211 bsc#1222869

The pointer cs_desc return from snd_usb_find_clock_source could
be null, so there is a potential null pointer dereference issue.
Fix this by adding a null check before dereference.

Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Link: https://lore.kernel.org/r/20211024111736.11342-1-cyeaa@connect.ust.hk
Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
 sound/usb/clock.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -616,11 +616,15 @@ static int set_sample_rate_v2v3(struct s
 		struct uac3_clock_source_descriptor *cs_desc;
 
 		cs_desc = snd_usb_find_clock_source_v3(chip->ctrl_intf, clock);
+		if (!cs_desc)
+			return 0;
 		bmControls = le32_to_cpu(cs_desc->bmControls);
 	} else {
 		struct uac_clock_source_descriptor *cs_desc;
 
 		cs_desc = snd_usb_find_clock_source(chip->ctrl_intf, clock);
+		if (!cs_desc)
+			return 0;
 		bmControls = cs_desc->bmControls;
 	}

kernel / kernel-source

Source Code

Files