linux/sound/core/oss
Takashi Iwai 01c0b4265c ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
snd_pcm_oss_get_formats() has an obvious use-after-free around
snd_mask_test() calls, as spotted by syzbot.  The passed format_mask
argument is a pointer to the hw_params object that is freed before the
loop.  What a surprise that it has been present since the original
code of decades ago...

Reported-by: syzbot+4090700a4f13fccaf648@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-11 10:25:10 +01:00
..
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
copy.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
io.c ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
linear.c ALSA: core: remove unused variables. 2011-05-26 08:19:04 +02:00
mixer_oss.c ALSA: core: Follow standard EXPORT_SYMBOL() declarations 2017-06-16 16:19:16 +02:00
mulaw.c ALSA: core: sparse cleanups 2011-02-14 17:10:11 +01:00
pcm_oss.c ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() 2018-03-11 10:25:10 +01:00
pcm_plugin.c ALSA: pcm: Add missing error checks in OSS emulation plugin builder 2018-01-04 16:39:27 +01:00
pcm_plugin.h ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
rate.c ALSA: fix excessive background noise introduced by OSS emulation rate shrink 2009-02-23 07:49:04 +01:00
route.c ALSA: core: sparse cleanups 2011-02-14 17:10:11 +01:00