diff options
| author | Takashi Iwai <tiwai@suse.de> | 2018-03-11 01:04:23 +0300 | 
|---|---|---|
| committer | Takashi Iwai <tiwai@suse.de> | 2018-03-11 12:25:10 +0300 | 
| commit | 01c0b4265cc16bc1f43f475c5944c55c10d5768f (patch) | |
| tree | 1b6bcb6a25c2c4d73eb9f3247f63c84216f6a9bb /lib/assoc_array.c | |
| parent | a2ff19f7b70118ced291a28d5313469914de451b (diff) | |
| download | linux-01c0b4265cc16bc1f43f475c5944c55c10d5768f.tar.xz | |
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
snd_pcm_oss_get_formats() has an obvious use-after-free around
snd_mask_test() calls, as spotted by syzbot.  The passed format_mask
argument is a pointer to the hw_params object that is freed before the
loop.  What a surprise that it has been present since the original
code of decades ago...
Reported-by: syzbot+4090700a4f13fccaf648@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'lib/assoc_array.c')
0 files changed, 0 insertions, 0 deletions
