From: Chengfeng Ye cyeaa@connect.ust.hk
mainline inclusion from mainline-v5.16-rc1 commit b97053df0f04747c3c1e021ecbe99db675342954 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9FNFQ CVE: CVE-2021-47211
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
The pointer cs_desc return from snd_usb_find_clock_source could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference.
Signed-off-by: Chengfeng Ye cyeaa@connect.ust.hk Link: https://lore.kernel.org/r/20211024111736.11342-1-cyeaa@connect.ust.hk Signed-off-by: Takashi Iwai tiwai@suse.de Conflicts: sound/usb/clock.c Signed-off-by: Liu Shixin liushixin2@huawei.com --- sound/usb/clock.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/sound/usb/clock.c b/sound/usb/clock.c index e31349865f20..01b414448312 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -538,11 +538,17 @@ static int set_sample_rate_v2v3(struct snd_usb_audio *chip, int iface, struct uac3_clock_source_descriptor *cs_desc;
cs_desc = snd_usb_find_clock_source_v3(chip->ctrl_intf, clock); + if (!cs_desc) + return 0; + bmControls = le32_to_cpu(cs_desc->bmControls); } else { struct uac_clock_source_descriptor *cs_desc;
cs_desc = snd_usb_find_clock_source(chip->ctrl_intf, clock); + if (!cs_desc) + return 0; + bmControls = cs_desc->bmControls; }