On 17. 12. 24 9:35, Dan Carpenter wrote:
Hello Jaroslav Kysela,
Hi Dan,
Commit 04177158cf98 ("ALSA: compress_offload: introduce accel
operation mode") from Oct 2, 2024 (linux-next), leads to the
following Smatch static checker warning:
sound/core/compress_offload.c:1188 snd_compr_task_seq()
error: dereferencing freed memory 'task' (line 1189)
sound/core/compress_offload.c
1174 static int snd_compr_task_seq(struct snd_compr_stream *stream, unsigned long arg,
1175 snd_compr_seq_func_t fcn)
1176 {
1177 struct snd_compr_task_runtime *task;
1178 __u64 seqno;
1179 int retval;
1180
1181 if (stream->runtime->state != SNDRV_PCM_STATE_SETUP)
1182 return -EPERM;
1183 retval = get_user(seqno, (__u64 __user *)arg);
1184 if (retval < 0)
1185 return retval;
1186 retval = 0;
1187 if (seqno == 0) {
--> 1188 list_for_each_entry_reverse(task, &stream->runtime->tasks, list)
1189 fcn(stream, task);
fcn() can be snd_compr_task_free_one() so this should be
list_for_each_entry_safe_reverse() but it also calls fput() on
the fd from fd_install() so I'm really uncomfortable with that for the
same reasons as before.
Thanks for those suggestions. I tried to resolve mentioned issues in two
patches bellow:
https://lore.kernel.org/linux-sound/20241217100707.732766-1-perex@xxxxxxxx/
https://lore.kernel.org/linux-sound/20241217100726.732863-1-perex@xxxxxxxx/
Jaroslav
--
Jaroslav Kysela <perex@xxxxxxxx>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
[Index of Archives]
[Pulseaudio]
[Linux Audio Users]
[ALSA Devel]
[Fedora Desktop]
[Fedora SELinux]
[Big List of Linux Books]
[Yosemite News]
[KDE Users]