android_kernel_google_msm/sound/core
Robb Glasser 745b477c70 ALSA: pcm: prevent UAF in snd_pcm_info
When the device descriptor is closed, the `substream->runtime` pointer
is freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
calls snd_pcm_info() which accesses the now freed `substream->runtime`.

Bug: 36006981
Signed-off-by: Robb Glasser <rglasser@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Change-Id: I445d24bc21dc0af6d9522a8daabe64969042236a
2018-01-13 17:13:42 +03:00
oss ALSA: Fix card refcount unbalance 2012-11-17 13:16:36 -08:00
seq Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
compress_offload.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
control.c ALSA: control: Make sure that id->index does not overflow 2017-04-03 16:43:05 -06:00
control_compat.c ALSA: control: add support for ENUMERATED user space controls 2011-10-09 09:09:11 +02:00
ctljack.c ALSA: hda - Add missing inclusion of linux/export.h 2011-11-16 14:28:33 +01:00
device.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
hrtimer.c ALSA: hrtimer: Fix stall by hrtimer_cancel() 2016-10-29 23:12:35 +08:00
hwdep.c ALSA: Avoid endless sleep after disconnect 2012-11-17 13:16:13 -08:00
hwdep_compat.c
info.c ALSA: info: Check for integer overflow in snd_info_entry_write() 2017-06-07 13:18:23 -06:00
info_oss.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
init.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
isadma.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
jack.c ALSA: jack: Update supported jack switch types 2013-02-25 11:41:20 -08:00
Kconfig sound: Add MSM sound drivers 2013-02-25 11:41:24 -08:00
Makefile Merge branch 'topic/hda' into for-linus 2012-01-12 09:59:18 +01:00
memalloc.c treewide: Correct spelling of successfully in comments 2011-09-27 18:08:04 +02:00
memory.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
misc.c ALSA: Fixed a trailing white space error 2012-02-20 15:34:04 +01:00
pcm.c ALSA: pcm: prevent UAF in snd_pcm_info 2018-01-13 17:13:42 +03:00
pcm_compat.c ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode 2015-02-02 17:05:06 +08:00
pcm_lib.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
pcm_memory.c sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed 2011-10-31 19:31:22 -04:00
pcm_misc.c ASoc: msm: Add AMR NB and AMR WB support for Voip 2013-02-25 11:41:07 -08:00
pcm_native.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
pcm_timer.c
rawmidi.c ALSA: Avoid endless sleep after disconnect 2012-11-17 13:16:13 -08:00
rawmidi_compat.c
rtctimer.c ALSA: rtctimer.c needs module.h 2011-07-30 08:03:35 +02:00
sgbuf.c
sound.c ALSA: Fix card refcount unbalance 2012-11-17 13:16:36 -08:00
sound_oss.c ALSA: Fix card refcount unbalance 2012-11-17 13:16:36 -08:00
timer.c UPSTREAM: ALSA: timer: Call notifier in the same spinlock 2018-01-13 17:13:38 +03:00
timer_compat.c
vmaster.c ALSA: vmaster: Fix slave change notification 2013-03-14 11:29:50 -07:00