From 5929546a96d55962bdcabae0c4e25dfcd9f1fda9 Mon Sep 17 00:00:00 2001 From: Giuliano Pochini Date: Mon, 6 Nov 2006 11:42:00 +0100 Subject: [ALSA] Fix potential NULL pointer dereference in echoaudio midi Fix races between the timer handler and the close function. Signed-off-by: Giuliano Pochini Signed-off-by: Takashi Iwai Signed-off-by: Jaroslav Kysela --- sound/pci/echoaudio/midi.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'sound/pci/echoaudio') diff --git a/sound/pci/echoaudio/midi.c b/sound/pci/echoaudio/midi.c index e31f0f11e3a8..91f5bff66d3f 100644 --- a/sound/pci/echoaudio/midi.c +++ b/sound/pci/echoaudio/midi.c @@ -213,7 +213,7 @@ static void snd_echo_midi_output_write(unsigned long data) sent = bytes = 0; spin_lock_irqsave(&chip->lock, flags); chip->midi_full = 0; - if (chip->midi_out && !snd_rawmidi_transmit_empty(chip->midi_out)) { + if (!snd_rawmidi_transmit_empty(chip->midi_out)) { bytes = snd_rawmidi_transmit_peek(chip->midi_out, buf, MIDI_OUT_BUFFER_SIZE - 1); DE_MID(("Try to send %d bytes...\n", bytes)); @@ -264,9 +264,11 @@ static void snd_echo_midi_output_trigger(struct snd_rawmidi_substream *substream } } else { if (chip->tinuse) { - del_timer(&chip->timer); chip->tinuse = 0; + spin_unlock_irq(&chip->lock); + del_timer_sync(&chip->timer); DE_MID(("Timer removed\n")); + return; } } spin_unlock_irq(&chip->lock); -- cgit v1.2.3