This is a note to let you know that I've just added the patch titled
ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error.
to the 3.16-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
asoc-core-fix-possible-zero_size_ptr-pointer-dereferencing-error.patch
and it can be found in the queue-3.16 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 6596aa047b624aeec2ea321962cfdecf9953a383 Mon Sep 17 00:00:00 2001
From: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>
Date: Sun, 28 Sep 2014 17:29:37 +0800
Subject: ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error.
From: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>
commit 6596aa047b624aeec2ea321962cfdecf9953a383 upstream.
Since we cannot make sure the 'params->num_regs' will always be none
zero here, and then if it equals to zero, the kmemdup() will return
ZERO_SIZE_PTR, which equals to ((void *)16).
So this patch fix this with just doing the zero check before calling
kmemdup().
Signed-off-by: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
sound/soc/soc-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3181,7 +3181,7 @@ int snd_soc_bytes_put(struct snd_kcontro
unsigned int val, mask;
void *data;
- if (!component->regmap)
+ if (!component->regmap || !params->num_regs)
return -EINVAL;
len = params->num_regs * component->val_bytes;
Patches currently in stable-queue which might be from Li.Xiubo@xxxxxxxxxxxxx are
queue-3.16/asoc-core-fix-possible-zero_size_ptr-pointer-dereferencing-error.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html