From patchwork Fri Jun 27 18:13:07 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: JongHo Kim X-Patchwork-Id: 4436971 X-Patchwork-Delegate: tiwai@suse.de Return-Path: X-Original-To: patchwork-alsa-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 1C76CBEEAA for ; Fri, 27 Jun 2014 18:13:39 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 41E49203A0 for ; Fri, 27 Jun 2014 18:13:38 +0000 (UTC) Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) by mail.kernel.org (Postfix) with ESMTP id 055F420221 for ; Fri, 27 Jun 2014 18:13:37 +0000 (UTC) Received: by alsa0.perex.cz (Postfix, from userid 1000) id C777C26536B; Fri, 27 Jun 2014 20:13:34 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=no version=3.3.1 Received: from alsa0.perex.cz (localhost [IPv6:::1]) by alsa0.perex.cz (Postfix) with ESMTP id BE43C265353; Fri, 27 Jun 2014 20:13:23 +0200 (CEST) X-Original-To: alsa-devel@alsa-project.org Delivered-To: alsa-devel@alsa-project.org Received: by alsa0.perex.cz (Postfix, from userid 1000) id 2E26A265357; Fri, 27 Jun 2014 20:13:22 +0200 (CEST) Received: from mail-pa0-f45.google.com (mail-pa0-f45.google.com [209.85.220.45]) by alsa0.perex.cz (Postfix) with ESMTP id E3969265350 for ; Fri, 27 Jun 2014 20:13:13 +0200 (CEST) Received: by mail-pa0-f45.google.com with SMTP id rd3so4873931pab.18 for ; Fri, 27 Jun 2014 11:13:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:date:to:cc:subject:message-id:user-agent:mime-version :content-type; bh=exVsu/7b8SLJaOK3I7MBjJZp20oyUeLTGt0xdhzMElU=; b=0gnCbufAPV768KtKTXgESbNXQ8HYBQBDsXPBKGgV2+xmAZm4uIiCevoDP3NxBq/Vjq lEnWAScXEkZEVJlsgtJ0rWfW7CTLBE57bgFn16Lx9HP3DQJ0z0J5OU9qm9iDI3ceKAJU nomoqGvY6dNlFTOSCvoTXtd9lxcdmgS0SYP8LkMMZtnksBCONSNgvOmPJvp+oHcaMu8S p+Ffi5+E/GApdTYJwkInfWqatXWitjVng5YFk3GRWKGJnrbS4pQ42EsP4aO2NU3ZqVWw Vpyhe4pcdvy2bvPap2QR68bz4GJVhMLH1gNK13YeZfiGLohyMOQOUUarMhyhvj4Ryz2Y IEhQ== X-Received: by 10.68.232.33 with SMTP id tl1mr33122776pbc.162.1403892791867; Fri, 27 Jun 2014 11:13:11 -0700 (PDT) Received: from [192.168.0.5] ([121.169.219.44]) by mx.google.com with ESMTPSA id xc1sm54818540pab.39.2014.06.27.11.13.09 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 27 Jun 2014 11:13:11 -0700 (PDT) From: JongHo Kim X-Google-Original-From: JongHo Kim Date: Sat, 28 Jun 2014 03:13:07 +0900 (KST) To: Takashi Iwai , Jaroslav Kysela Message-ID: User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) MIME-Version: 1.0 Cc: alsa-devel@alsa-project.org, Tim Gardner , Mark Brown Subject: [alsa-devel] [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: alsa-devel-bounces@alsa-project.org X-Virus-Scanned: ClamAV using ClamSMTP From a46df32a4fc184364be45ffe8957d5a20818d979 Mon Sep 17 00:00:00 2001 From: JongHo Kim Date: Sat, 28 Jun 2014 02:49:13 +0900 Subject: [PATCH] ALSA: Remove the runtime local variable in snd_pcm_period_elapsed The local runtime variable in snd_pcm_period_elapsed has the value of substream->runtime. If the substream->runtime memory was freed, The local runtime variable can point the invalid memory. If do not fix this, can refer to freed memory. This patch remove local runtime variable and check the NULL directly. Signed-off-by: JongHo Kim --- sound/core/pcm_lib.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) EXPORT_SYMBOL(snd_pcm_period_elapsed); diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index 9acc77e..c3de2d3 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1836,15 +1836,13 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl); */ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) { - struct snd_pcm_runtime *runtime; unsigned long flags; if (PCM_RUNTIME_CHECK(substream)) return; - runtime = substream->runtime; - if (runtime->transfer_ack_begin) - runtime->transfer_ack_begin(substream); + if (substream->runtime && substream->runtime->transfer_ack_begin) + substream->runtime->transfer_ack_begin(substream); snd_pcm_stream_lock_irqsave(substream, flags); if (!snd_pcm_running(substream) || @@ -1855,9 +1853,11 @@ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) snd_timer_interrupt(substream->timer, 1); _end: snd_pcm_stream_unlock_irqrestore(substream, flags); - if (runtime->transfer_ack_end) - runtime->transfer_ack_end(substream); - kill_fasync(&runtime->fasync, SIGIO, POLL_IN); + if (substream->runtime && substream->runtime->transfer_ack_end) + substream->runtime->transfer_ack_end(substream); + + if (substream->runtime) + kill_fasync(&substream->runtime->fasync, SIGIO, POLL_IN); }