diff mbox series

soc: soc-core: fix a missing check on list iterator

Message ID 20220327082018.13585-1-xiam0nd.tong@gmail.com
State New
Headers show
Series soc: soc-core: fix a missing check on list iterator | expand

Commit Message

Xiaomeng Tong March 27, 2022, 8:20 a.m. UTC 
The bug is here:
	*dai_name = dai->driver->name;

For for_each_component_dais, just like list_for_each_entry,
the list iterator 'dai' will point to a bogus position
containing HEAD if the list is empty or no element is found.
This case must be checked before any use of the iterator,
otherwise it will lead to a invalid memory access.

To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'dai' as a dedicated pointer
to point to the found element.

Cc: stable@vger.kernel.org
Fixes: 58bf4179000a3 ("ASoC: soc-core: remove dai_drv from snd_soc_component")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
---
 sound/soc/soc-core.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 434e61b46983..064fc0347868 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3238,7 +3238,7 @@  int snd_soc_get_dai_name(const struct of_phandle_args *args,
 
 		ret = snd_soc_component_of_xlate_dai_name(pos, args, dai_name);
 		if (ret == -ENOTSUPP) {
-			struct snd_soc_dai *dai;
+			struct snd_soc_dai *dai = NULL, *iter;
 			int id = -1;
 
 			switch (args->args_count) {
@@ -3261,12 +3261,19 @@  int snd_soc_get_dai_name(const struct of_phandle_args *args,
 			ret = 0;
 
 			/* find target DAI */
-			for_each_component_dais(pos, dai) {
-				if (id == 0)
+			for_each_component_dais(pos, iter) {
+				if (id == 0) {
+					dai = iter;
 					break;
+				}
 				id--;
 			}
 
+			if (!dai) {
+				ret = -EINVAL;
+				continue;
+			}
+
 			*dai_name = dai->driver->name;
 			if (!*dai_name)
 				*dai_name = pos->name;