Re: [bug report] ALSA: compress_offload: introduce accel operation mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 17. 12. 24 9:35, Dan Carpenter wrote:
Hello Jaroslav Kysela,

Hi Dan,

Commit 04177158cf98 ("ALSA: compress_offload: introduce accel
operation mode") from Oct 2, 2024 (linux-next), leads to the
following Smatch static checker warning:

	sound/core/compress_offload.c:1188 snd_compr_task_seq()
	error: dereferencing freed memory 'task' (line 1189)

sound/core/compress_offload.c
     1174 static int snd_compr_task_seq(struct snd_compr_stream *stream, unsigned long arg,
     1175                                         snd_compr_seq_func_t fcn)
     1176 {
     1177         struct snd_compr_task_runtime *task;
     1178         __u64 seqno;
     1179         int retval;
     1180
     1181         if (stream->runtime->state != SNDRV_PCM_STATE_SETUP)
     1182                 return -EPERM;
     1183         retval = get_user(seqno, (__u64 __user *)arg);
     1184         if (retval < 0)
     1185                 return retval;
     1186         retval = 0;
     1187         if (seqno == 0) {
--> 1188                 list_for_each_entry_reverse(task, &stream->runtime->tasks, list)
     1189                         fcn(stream, task);

fcn() can be snd_compr_task_free_one() so this should be
list_for_each_entry_safe_reverse() but it also calls fput() on
the fd from fd_install() so I'm really uncomfortable with that for the
same reasons as before.

Thanks for those suggestions. I tried to resolve mentioned issues in two patches bellow:

https://lore.kernel.org/linux-sound/20241217100707.732766-1-perex@xxxxxxxx/
https://lore.kernel.org/linux-sound/20241217100726.732863-1-perex@xxxxxxxx/

					Jaroslav

--
Jaroslav Kysela <perex@xxxxxxxx>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.




[Index of Archives]     [Pulseaudio]     [Linux Audio Users]     [ALSA Devel]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux