[bug report] ALSA: compress_offload: introduce accel operation mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello Jaroslav Kysela,

Commit 04177158cf98 ("ALSA: compress_offload: introduce accel
operation mode") from Oct 2, 2024 (linux-next), leads to the
following Smatch static checker warning:

	sound/core/compress_offload.c:1188 snd_compr_task_seq()
	error: dereferencing freed memory 'task' (line 1189)

sound/core/compress_offload.c
    1174 static int snd_compr_task_seq(struct snd_compr_stream *stream, unsigned long arg,
    1175                                         snd_compr_seq_func_t fcn)
    1176 {
    1177         struct snd_compr_task_runtime *task;
    1178         __u64 seqno;
    1179         int retval;
    1180 
    1181         if (stream->runtime->state != SNDRV_PCM_STATE_SETUP)
    1182                 return -EPERM;
    1183         retval = get_user(seqno, (__u64 __user *)arg);
    1184         if (retval < 0)
    1185                 return retval;
    1186         retval = 0;
    1187         if (seqno == 0) {
--> 1188                 list_for_each_entry_reverse(task, &stream->runtime->tasks, list)
    1189                         fcn(stream, task);

fcn() can be snd_compr_task_free_one() so this should be
list_for_each_entry_safe_reverse() but it also calls fput() on
the fd from fd_install() so I'm really uncomfortable with that for the
same reasons as before.

    1190         } else {
    1191                 task = snd_compr_find_task(stream, seqno);
    1192                 if (task == NULL) {
    1193                         retval = -EINVAL;
    1194                 } else {
    1195                         fcn(stream, task);
    1196                 }
    1197         }
    1198         return retval;
    1199 }

regards,
dan carpenter




[Index of Archives]     [Pulseaudio]     [Linux Audio Users]     [ALSA Devel]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux