git.stricted.de - GitHub/LineageOS/android_kernel_samsung

projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / commit

author	Robb Glasser <rglasser@google.com>
	Fri, 11 Aug 2017 18:33:31 +0000 (11:33 -0700)
committer	Danny Wood <danwood76@gmail.com>
	Fri, 11 Jan 2019 07:53:47 +0000 (07:53 +0000)
commit	162be921fbbf8074881c4a33d294d6382a200447
tree	783739d997a04ed7cf6f192b0936fa39472eac7f	tree \| snapshot (tar.gz zip)
parent	c6c5b6cba0219fdc822039bb2e71d01da322eb5d	commit \| diff

ALSA: pcm: prevent UAF in snd_pcm_info

When the device descriptor is closed, the `substream->runtime` pointer
is freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
calls snd_pcm_info() which accesses the now freed `substream->runtime`.

Bug: 36006981
Signed-off-by: Robb Glasser <rglasser@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Change-Id: I445d24bc21dc0af6d9522a8daabe64969042236a

sound/core/pcm.c

diff | blob | blame | history

RSS Atom