2022-03-27 20:05:49

by Xiaomeng Tong

[permalink] [raw]
Subject: [PATCH] cs423x: cs4236: fix an incorrect NULL check on list iterator

The bug is here:
err = snd_card_cs423x_pnp(dev, card->private_data, pdev, cdev);

The list iterator value 'cdev' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.

To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'cdev' as a dedicated pointer
to point to the found element. And snd_card_cs423x_pnp() itself
has NULL check for cdev.

Cc: [email protected]
Fixes: c2b73d1458014 ("ALSA: cs4236: cs4232 and cs4236 driver merge to solve PnP BIOS detection")
Signed-off-by: Xiaomeng Tong <[email protected]>
---
sound/isa/cs423x/cs4236.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sound/isa/cs423x/cs4236.c b/sound/isa/cs423x/cs4236.c
index b6bdebd9ef27..10112e1bb25d 100644
--- a/sound/isa/cs423x/cs4236.c
+++ b/sound/isa/cs423x/cs4236.c
@@ -494,7 +494,7 @@ static int snd_cs423x_pnpbios_detect(struct pnp_dev *pdev,
static int dev;
int err;
struct snd_card *card;
- struct pnp_dev *cdev;
+ struct pnp_dev *cdev, *iter;
char cid[PNP_ID_LEN];

if (pnp_device_is_isapnp(pdev))
@@ -510,9 +510,11 @@ static int snd_cs423x_pnpbios_detect(struct pnp_dev *pdev,
strcpy(cid, pdev->id[0].id);
cid[5] = '1';
cdev = NULL;
- list_for_each_entry(cdev, &(pdev->protocol->devices), protocol_list) {
- if (!strcmp(cdev->id[0].id, cid))
+ list_for_each_entry(iter, &(pdev->protocol->devices), protocol_list) {
+ if (!strcmp(iter->id[0].id, cid)) {
+ cdev = iter;
break;
+ }
}
err = snd_cs423x_card_new(&pdev->dev, dev, &card);
if (err < 0)
--
2.17.1


2022-03-28 01:42:06

by Takashi Iwai

[permalink] [raw]
Subject: Re: [PATCH] cs423x: cs4236: fix an incorrect NULL check on list iterator

On Sun, 27 Mar 2022 08:08:22 +0200,
Xiaomeng Tong wrote:
>
> The bug is here:
> err = snd_card_cs423x_pnp(dev, card->private_data, pdev, cdev);
>
> The list iterator value 'cdev' will *always* be set and non-NULL
> by list_for_each_entry(), so it is incorrect to assume that the
> iterator value will be NULL if the list is empty or no element
> is found.
>
> To fix the bug, use a new variable 'iter' as the list iterator,
> while use the original variable 'cdev' as a dedicated pointer
> to point to the found element. And snd_card_cs423x_pnp() itself
> has NULL check for cdev.
>
> Cc: [email protected]
> Fixes: c2b73d1458014 ("ALSA: cs4236: cs4232 and cs4236 driver merge to solve PnP BIOS detection")
> Signed-off-by: Xiaomeng Tong <[email protected]>

Thanks, applied now.


Takashi