linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 05:48:40 +00:00

History

Richard Fitzgerald 5a23699a39 ALSA: control: Fix memory corruption risk in snd_ctl_elem_read The patch "ALSA: control: code refactoring for ELEM_READ/ELEM_WRITE operations" introduced a potential for kernel memory corruption due to an incorrect if statement allowing non-readable controls to fall through and call the get function. For TLV controls a driver can omit SNDRV_CTL_ELEM_ACCESS_READ to ensure that only the TLV get function can be called. Instead the normal get() can be invoked unexpectedly and as the driver expects that this will only be called for controls <= 512 bytes, potentially try to copy >512 bytes into the 512 byte return array, so corrupting kernel memory. The problem is an attempt to refactor the snd_ctl_elem_read function to invert the logic so that it conditionally aborted if the control is unreadable instead of conditionally executing. But the if statement wasn't inverted correctly. The correct inversion of if (a && !b) is if (!a \|\| b) Fixes: `becf9e5d55` ("ALSA: control: code refactoring for ELEM_READ/ELEM_WRITE operations") Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>		2018-02-28 08:15:56 +01:00
..
ac97	ALSA: ac97: kconfig: Remove select of undefined symbol AC97	2018-02-12 08:16:39 +01:00
aoa	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
arm	Merge remote-tracking branches 'asoc/topic/ac97', 'asoc/topic/ac97-mfd', 'asoc/topic/amd' and 'asoc/topic/arizona-mfd' into asoc-next	2017-11-10 21:31:02 +00:00
atmel	ASoC: Updates for v4.14	2017-09-04 14:50:49 +02:00
core	ALSA: control: Fix memory corruption risk in snd_ctl_elem_read	2018-02-28 08:15:56 +01:00
drivers	Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-01-29 16:50:58 -08:00
firewire	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
hda	Merge branch 'topic/hdac-hdmi' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-intel	2018-01-12 21:19:05 +00:00
i2c	ASoC: Updates for v4.15	2017-11-13 15:45:57 +01:00
isa	ALSA: gus: Delete an error message for a failed memory allocation in snd_gf1_dma_transfer_block()	2017-11-29 09:29:36 +01:00
mips	ALSA: sgio2audio: Improve a size determination in snd_sgio2audio_create()	2017-11-29 09:29:31 +01:00
oss	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
parisc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
pci	ALSA: hda - Fix pincfg at resume on Lenovo T470 dock	2018-02-26 15:36:38 +01:00
pcmcia	ALSA: pcmcia: constify snd_pcm_ops structures	2017-08-19 11:02:21 +02:00
ppc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
sh	ALSA: sh: aica: Convert timers to use timer_setup()	2017-10-05 08:20:17 +02:00
soc	ASoC: Updates for v4.16	2018-02-07 12:11:09 -08:00
sparc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
spi	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
synth	ASoC: Updates for v4.15	2017-11-13 15:45:57 +01:00
usb	ALSA: usb-audio: Add a quirck for B&W PX headphones	2018-02-24 11:28:05 +01:00
x86	ALSA: x86: hdmi: Add single_port option for compatible behavior	2018-02-22 11:51:36 +01:00
ac97_bus.c
Kconfig	ASoC: Updates for v4.15	2017-11-13 15:45:57 +01:00
last.c
Makefile	ASoC: Updates for v4.15	2017-11-13 15:45:57 +01:00
sound_core.c	sound: Remove leftover msnd init declarations	2018-01-11 17:10:34 +01:00