From: Takashi Sakamoto Date: Fri, 5 Feb 2016 00:56:05 +0000 (+0900) Subject: ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5d2560a427fc7c4050a320be62c4994705ca81b1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails When unsupported models are connected, snd-firewire-tascam module causes NULL pointer dereference in fw_core_remove_address_handler() (due to list_del_rcu()). This commit prevents this bug. Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai --- diff --git a/sound/firewire/tascam/tascam-transaction.c b/sound/firewire/tascam/tascam-transaction.c index 904ce0329fa1..040a96d1ba8e 100644 --- a/sound/firewire/tascam/tascam-transaction.c +++ b/sound/firewire/tascam/tascam-transaction.c @@ -230,6 +230,7 @@ int snd_tscm_transaction_register(struct snd_tscm *tscm) return err; error: fw_core_remove_address_handler(&tscm->async_handler); + tscm->async_handler.callback_data = NULL; return err; } @@ -276,6 +277,9 @@ void snd_tscm_transaction_unregister(struct snd_tscm *tscm) __be32 reg; unsigned int i; + if (tscm->async_handler.callback_data == NULL) + return; + /* Turn off FireWire LED. */ reg = cpu_to_be32(0x0000008e); snd_fw_transaction(tscm->unit, TCODE_WRITE_QUADLET_REQUEST, @@ -297,6 +301,8 @@ void snd_tscm_transaction_unregister(struct snd_tscm *tscm) ®, sizeof(reg), 0); fw_core_remove_address_handler(&tscm->async_handler); + tscm->async_handler.callback_data = NULL; + for (i = 0; i < TSCM_MIDI_OUT_PORT_MAX; i++) snd_fw_async_midi_port_destroy(&tscm->out_ports[i]); }