android_kernel_zuk_msm8996.git

diff options

author	Takashi Iwai <tiwai@suse.de>	2018-03-10 23:04:23 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-03-22 09:23:30 +0100
commit	422d4f1c0711b7563fa9833af971b51114796ad1 (patch)
tree	cb33233bd54f155a5113653daaf98f554331d005 /include/linux/debugobjects.h
parent	d7230d5286cec2301912714581024e9f0e22083b (diff)

ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()

commit 01c0b4265cc16bc1f43f475c5944c55c10d5768f upstream. snd_pcm_oss_get_formats() has an obvious use-after-free around snd_mask_test() calls, as spotted by syzbot. The passed format_mask argument is a pointer to the hw_params object that is freed before the loop. What a surprise that it has been present since the original code of decades ago... Reported-by: syzbot+4090700a4f13fccaf648@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/linux/debugobjects.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: