| Message ID | 20200414065109.6923-1-yangerkun@huawei.com |
|---|---|
| State | New |
| Headers | show |
| Series | [RFC,v2] ALSA: control: fix a error handling exist in snd_ctl_elem_add | expand |
diff --git a/sound/core/control.c b/sound/core/control.c index aa0c0cf182af..c77ca7f39637 100644 --- a/sound/core/control.c +++ b/sound/core/control.c @@ -1431,7 +1431,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, return -ENOMEM; /* Check the number of elements for this userspace control. */ - count = info->owner; + count = info->count; if (count == 0) count = 1;
CVE-2020-11725 report that 'count = info->owner' may result a SIZE_OVERFLOW. 'info->owner' represent a pid, and actually, we should use info->count. Signed-off-by: yangerkun <yangerkun@huawei.com> --- sound/core/control.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) v1->v2: reword the patch head