Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp634245ybz; Sat, 25 Apr 2020 00:57:00 -0700 (PDT) X-Google-Smtp-Source: APiQypKmPuADKGRSNdZEaQAbAeLzZ64onitiSLuqDlZ+4gyNFqVjKR++Z7dUV+xupoBO2tWWJ5jM X-Received: by 2002:a50:cd89:: with SMTP id p9mr10664378edi.188.1587801420513; Sat, 25 Apr 2020 00:57:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587801420; cv=none; d=google.com; s=arc-20160816; b=ee+seXOIJV0g9vC2fPHtSe4j1CiUABb24HbZsHCePy+isBZZTk9x06YmYdgE9zSPhZ lM+ilIJV6UuofCl+fuXTr21H5eunD1mVCOENkYgIWI7ffzwPGPxZusbBWKv71A01HUhU RFZ7egD556JTcIY58vssfyPDx7jh3HRqu9z6+jOYhUTEHb2wDAp9hdwXcTbI4vgvDpgn xKjNRSjc8WWsoKaC89gnJ9No/7ZFFUv06Y3cXHA/O3HEkNxRPFQ6fG3WEcg82o+b0C/K puqM8v3OsZZWVIloBZIR72Tzd2ir7wTp3I6g0PSkByf1KLxQ7u661KL+IjSBFiB6+Reg 2fpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=BgbYCAeNQS+0nZ7Fig9vtQKe5K6A7aPPzIrm8C7qsUo=; b=CVXvyQTVA2eV/mOGkHo++rTO1YofspchMGiQ3Ek5PZ9GYTL+IXbp/rMqpRgyYk9pVL vJnvMbMAuaqZlXZZlElbhgid6AJ/CuQTh0qKv2m/RUtYGHf4M64HSfEsdLhOBmvcfFgB HluGnmHsnUI122llgQVmo1PCLtfuM94QjUhFhzmxE21KpH3wq2573gTB8eZM64Hu/uvb 9UQTZz1Mh9qCtKtx5PeS/Bk+SaidxwTNfA3bSxnufplVEY61m2B8g+DiDs1PtwKC7qhA lHyUUb5hPe16QxYvxBxnecqlSZ2knF5ET2j5UFigqUsCTuyZ0mLSA0L2XE60ltbOVe5f Weqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CnG+O4+o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q18si4562876edg.149.2020.04.25.00.56.37; Sat, 25 Apr 2020 00:57:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CnG+O4+o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726128AbgDYHta (ORCPT + 99 others); Sat, 25 Apr 2020 03:49:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35496 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1725837AbgDYHt3 (ORCPT ); Sat, 25 Apr 2020 03:49:29 -0400 Received: from mail-qv1-xf41.google.com (mail-qv1-xf41.google.com [IPv6:2607:f8b0:4864:20::f41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75BB6C09B049 for ; Sat, 25 Apr 2020 00:49:28 -0700 (PDT) Received: by mail-qv1-xf41.google.com with SMTP id di6so5887471qvb.10 for ; Sat, 25 Apr 2020 00:49:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=BgbYCAeNQS+0nZ7Fig9vtQKe5K6A7aPPzIrm8C7qsUo=; b=CnG+O4+oOV8iNbmiQlvDFqsA7UGQFM7lwHR/uXwOIq6fSWfg2UihtiYQvVvwKZGx80 Oo7g3L9ILVnmm5FwSeZY3gPrXkK0x0hKBv0KvYXigh7O7th8Xndn4PWCvbqj0KVonEwu 7ZR6VvHhK8Y0iZpK4n8s/J/ZkqUk9y3WHmiAHGQpaiSYPo+UKeZbyMN5qIo0bCEXZHMH zlHBWaEJeARsiEeEZghohFYg80MeDVwSj2BFoUU3kWX1HB0hp7A4BRvjYthgzHQDjg4r drAS+b42bIPzFf97etG2yohqn/G9A+6z2EEISXi97Uk1SdMhllxp+siZqfwVq31dXTQ4 rStw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=BgbYCAeNQS+0nZ7Fig9vtQKe5K6A7aPPzIrm8C7qsUo=; b=IcyAVBlM76CnMwmejIRZDvy4SwB1PhlBKv7QHw2wZ+osOV9QeXiNkKxMVcDL+6kvr5 +/ldLnHnb44tvbbT3btzkB+eCa92sEPkL3RIh/aZDm+w+3lEv4UUzDXDZrpPK0TRT29N pNHKTgdyq7sH25xLR9MtXlkS3tuxbuN8QFetJOwfZ8w7sx2d8V+fMiCHtw/SNlEKBO13 TmIZ+9QwO5fddEOzHWcV6bmvY/QaR+rkRERKF5+IVcesGCgD60VCR/tflE2F1Op+txGu AWJsMJGKMUNvLu18fHe1xMhRXh2WBgzpDhzpyjYl2fb+bhUu9F4ZgtGmGgseqXJ8vmbk T5Fw== X-Gm-Message-State: AGi0PubLDJVq3gxiwdadaELw3ztAQj+QD0XLon62ioPa9AXMW6RPXKcc cuPXORnxWA1nd/gkC2TFhuDrP+t2q6Bz7mLgdew= X-Received: by 2002:a0c:a9c2:: with SMTP id c2mr12947457qvb.23.1587800967701; Sat, 25 Apr 2020 00:49:27 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Shengjiu Wang Date: Sat, 25 Apr 2020 15:49:16 +0800 Message-ID: Subject: Re: [PATCH v2] ASoC: fsl_easrc: Check for null pointer before dereferencing "ctx" in fsl_easrc_hw_free() To: Shengjiu Wang Cc: Timur Tabi , Nicolin Chen , Xiubo Li , Fabio Estevam , Mark Brown , Linux-ALSA , Liam Girdwood , perex@perex.cz, Takashi Iwai , linuxppc-dev@lists.ozlabs.org, linux-kernel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 25, 2020 at 3:30 PM Shengjiu Wang wrote= : > > The patch 955ac624058f: "ASoC: fsl_easrc: Add EASRC ASoC CPU DAI > drivers" from Apr 16, 2020, leads to the following Smatch complaint: > > sound/soc/fsl/fsl_easrc.c:1529 fsl_easrc_hw_free() > warn: variable dereferenced before check 'ctx' (see line 1527) > > sound/soc/fsl/fsl_easrc.c > 1526 struct fsl_asrc_pair *ctx =3D runtime->private_data; > 1527 struct fsl_easrc_ctx_priv *ctx_priv =3D ctx->private; > ^^^^^ > Dereference > > 1528 > 1529 if (ctx && (ctx_priv->ctx_streams & BIT(substream->stream= ))) { > ^^^ > This check is too late, to prevent a NULL dereference. > > 1530 ctx_priv->ctx_streams &=3D ~BIT(substream->stream= ); > 1531 fsl_easrc_release_context(ctx); > > Fixes: 955ac624058f ("ASoC: fsl_easrc: Add EASRC ASoC CPU DAI drivers") > Reported-by: Dan Carpenter > Signed-off-by: Shengjiu Wang > --- Sorry=EF=BC=8CI forgot the changes: changes in v2: - refine the commit subject. best regards Wang shengjiu > sound/soc/fsl/fsl_easrc.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/sound/soc/fsl/fsl_easrc.c b/sound/soc/fsl/fsl_easrc.c > index 97658e1f4989..20326bffab64 100644 > --- a/sound/soc/fsl/fsl_easrc.c > +++ b/sound/soc/fsl/fsl_easrc.c > @@ -1524,9 +1524,14 @@ static int fsl_easrc_hw_free(struct snd_pcm_substr= eam *substream, > { > struct snd_pcm_runtime *runtime =3D substream->runtime; > struct fsl_asrc_pair *ctx =3D runtime->private_data; > - struct fsl_easrc_ctx_priv *ctx_priv =3D ctx->private; > + struct fsl_easrc_ctx_priv *ctx_priv; > > - if (ctx && (ctx_priv->ctx_streams & BIT(substream->stream))) { > + if (!ctx) > + return -EINVAL; > + > + ctx_priv =3D ctx->private; > + > + if (ctx_priv->ctx_streams & BIT(substream->stream)) { > ctx_priv->ctx_streams &=3D ~BIT(substream->stream); > fsl_easrc_release_context(ctx); > } > -- > 2.21.0 >