From d10ee9c542365bdc0a7497306e21ff6c7f2172b0 Mon Sep 17 00:00:00 2001 From: Srikanth K H Date: Fri, 20 Jul 2018 11:13:51 +0530 Subject: ALSA: timer: catch invalid timer object creation A timer object for the classes SNDRV_TIMER_CLASS_CARD and SNDRV_TIMER_CLASS_PCM has to be associated with a card object, but we have no check at creation time. Such a timer object with NULL card causes various unexpected problems, e.g. NULL dereference at reading the sound timer proc file. So as preventive measure while the creating the sound timer object is created the card information availability is checked for the mentioned entries and returned error if its NULL. Signed-off-by: Srikanth K H Signed-off-by: Takashi Iwai
---
 sound/core/timer.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index b6f076bbc72d..61a0cec6e1f6 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -883,6 +883,11 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid,
 if (snd_BUG_ON(!tid))
 return -EINVAL;
+ if (tid->dev_class == SNDRV_TIMER_CLASS_CARD ||
+ tid->dev_class == SNDRV_TIMER_CLASS_PCM) {
+ if (WARN_ON(!card))
+ return -EINVAL;
+ }
 if (rtimer)
 *rtimer = NULL;
 timer = kzalloc(sizeof(*timer), GFP_KERNEL);
--
cgit v1.2.3
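Review bot: The new guard in snd_timer_new() has no comment explaining why only the CARD and PCM classes require a card, nor why it uses `WARN_ON` when the check directly above uses `snd_BUG_ON`. I would put `/* CARD and PCM class timers must be bound to a card; a NULL card is dereferenced later, e.g. when the timer proc file is read */` above the test. As far as I recall, `snd_BUG_ON` only evaluates its condition in CONFIG_SND_DEBUG builds, so `WARN_ON` looks like the right choice for a check that must hold in production kernels, and the comment should say so. If that recollection is right, the `!tid` test may not protect the new `tid->dev_class` read in non-debug builds, which is worth confirming against the callers. The body of snd_timer_new starts and ends outside the hunk.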