Hello Jaroslav Kysela,
Commit 04177158cf98 ("ALSA: compress_offload: introduce accel
operation mode") from Oct 2, 2024 (linux-next), leads to the
following Smatch static checker warning:
sound/core/compress_offload.c:1188 snd_compr_task_seq()
error: dereferencing freed memory 'task' (line 1189)
sound/core/compress_offload.c
1174 static int snd_compr_task_seq(struct snd_compr_stream *stream, unsigned long arg,
1175 snd_compr_seq_func_t fcn)
1176 {
1177 struct snd_compr_task_runtime *task;
1178 __u64 seqno;
1179 int retval;
1180
1181 if (stream->runtime->state != SNDRV_PCM_STATE_SETUP)
1182 return -EPERM;
1183 retval = get_user(seqno, (__u64 __user *)arg);
1184 if (retval < 0)
1185 return retval;
1186 retval = 0;
1187 if (seqno == 0) {
--> 1188 list_for_each_entry_reverse(task, &stream->runtime->tasks, list)
1189 fcn(stream, task);
fcn() can be snd_compr_task_free_one() so this should be
list_for_each_entry_safe_reverse() but it also calls fput() on
the fd from fd_install() so I'm really uncomfortable with that for the
same reasons as before.
1190 } else {
1191 task = snd_compr_find_task(stream, seqno);
1192 if (task == NULL) {
1193 retval = -EINVAL;
1194 } else {
1195 fcn(stream, task);
1196 }
1197 }
1198 return retval;
1199 }
regards,
dan carpenter
[Index of Archives]
[Pulseaudio]
[Linux Audio Users]
[ALSA Devel]
[Fedora Desktop]
[Fedora SELinux]
[Big List of Linux Books]
[Yosemite News]
[KDE Users]