Received: by 2002:a17:90b:8d0:0:0:0:0 with SMTP id ds16csp4884060pjb; Mon, 27 Jul 2020 07:33:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxPJ8ObWv0hX4Bb0obADWzQJsbkXI95/Bdt+Z07SSTj/v9jIiogRQ7jSk+3p/ZA11r6OTzz X-Received: by 2002:a17:906:a94b:: with SMTP id hh11mr6158018ejb.104.1595860405248; Mon, 27 Jul 2020 07:33:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595860405; cv=none; d=google.com; s=arc-20160816; b=V+jN2g4J/SQDEdIRTwnidwDesy7RJwQFO3YMGSlKwaOSGGP5qTeCS8ePHeDOHtnGGk GxcJyUYJQnydJoXEj/8+GGgQHcc67FIVNh1/w5hUs8NIlZ4df1BiJiWTKZHTJcoZNw83 JESMutxQf8zkKtVZ0LKHEGKXsKXi8N+wQKPtfByxx5cOnId9bzDlDZzvUnBoPHQJYRiI jqAUt+J767Fe278b+s24khuKZr1JxE1QLo6ARNjaIwXMLC1P8MGGuezu+HYtCL2X8yMy iJH/YbPR5w3VvsgXTdMHLYS8DJSxGIppjXxG/3txMQwXH3VsO7LwHdQMRyIPmEZ0ADTI amhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=4hC9nJhEOKBRPW3Mgld8nsz4HGB0/4O3zIX8c5hbHyI=; b=VpA4+jJrj/YfyA9+q+Z3trI36b8YNfsJBWH8M526IkdqgOxPp68lCxHYpH8RCtf/hO qkW2QRL0mVywY+X2bcjCu6Vec7D0ZDEvIE72PQoYGlSSPLy6+C/T5E13R/FDwgVoRtED oLArMJNB+Mg1gQX+AnV4yu9kalHG7vUGOdvz/iD7Jra6aiGzB1U+AjxfTXwafLzyDQ2a mh9PkMixyXrb+6FNauqIHNXHJXuFoORXZ+H/4r4jBy+I/AOTvcfH79YvA3T5VU9tQdEI V5AoXOh4a9Q8xSc4K8+KBkFf7sAUlYp7TGJuXQ02c/cOFFns6VvbwGrIDI+O0ex14OqX w6CQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ScG+8CUk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c19si5559819ejz.484.2020.07.27.07.33.02; Mon, 27 Jul 2020 07:33:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ScG+8CUk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731521AbgG0Obz (ORCPT + 99 others); Mon, 27 Jul 2020 10:31:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:48156 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730910AbgG0OUA (ORCPT ); Mon, 27 Jul 2020 10:20:00 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 717AE2070A; Mon, 27 Jul 2020 14:19:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595859600; bh=lCDe1J0ta32mUjIq8S4kkhH1ff10RVyb7a8ebk1b54g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ScG+8CUkpqOOs0aRgtmP2anI5SwcWmTu/iXYg+GKGq7caPxNElwRvN6r6ZZCVEU+v zL96iQnWdVvlbw6lHjTkxhF5YUsfm0hgmAAE3SejVMsKqaztBUItqUOhAwmLwgwAqa aW/AahXjYIUrt949EQGVyiIv0qVo/W9Y0l7Gw4Wc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com, Takashi Iwai Subject: [PATCH 5.7 034/179] ALSA: info: Drop WARN_ON() from buffer NULL sanity check Date: Mon, 27 Jul 2020 16:03:29 +0200 Message-Id: <20200727134934.332168171@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727134932.659499757@linuxfoundation.org> References: <20200727134932.659499757@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Takashi Iwai commit 60379ba08532eca861e933b389526a4dc89e0c42 upstream. snd_info_get_line() has a sanity check of NULL buffer -- both buffer itself being NULL and buffer->buffer being NULL. Basically both checks are valid and necessary, but the problem is that it's with snd_BUG_ON() macro that triggers WARN_ON(). The latter condition (NULL buffer->buffer) can be met arbitrarily by user since the buffer is allocated at the first write, so it means that user can trigger WARN_ON() at will. This patch addresses it by simply moving buffer->buffer NULL check out of snd_BUG_ON() so that spurious WARNING is no longer triggered. Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/core/info.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/sound/core/info.c +++ b/sound/core/info.c @@ -606,7 +606,9 @@ int snd_info_get_line(struct snd_info_bu { int c; - if (snd_BUG_ON(!buffer || !buffer->buffer)) + if (snd_BUG_ON(!buffer)) + return 1; + if (!buffer->buffer) return 1; if (len <= 0 || buffer->stop || buffer->error) return 1;