On Wed, 13 Nov 2019 11:35:16 +0100, Takashi Iwai wrote:
On Wed, 13 Nov 2019 11:19:54 +0100, Pavel Machek wrote:
Hi!
From: Takashi Iwai tiwai@suse.de
commit 60849562a5db4a1eee2160167e4dce4590d3eafe upstream.
The previous addition of descriptor validation may lead to a NULL dereference at create_yamaha_midi_quirk() when either injd or outjd is NULL. Add proper non-NULL checks.
This is wrong.
@@ -259,8 +259,8 @@ static int create_yamaha_midi_quirk(stru NULL, USB_MS_MIDI_OUT_JACK); if (!injd && !outjd) return -ENODEV;
Clearly code wants to allow at most one of them to be NULL.
- if (!snd_usb_validate_midi_desc(injd) ||
!snd_usb_validate_midi_desc(outjd))
- if (!(injd && snd_usb_validate_midi_desc(injd)) ||
!(outjd && snd_usb_validate_midi_desc(outjd)))Yet it will return here if it is. Correct check would be
if (!(!injd || snd_usb_validate_midi_desc(injd)) ||!(!outjd || snd_usb_validate_midi_desc(outjd)))AFAICT.
Erm, right, but a better representation is:
if ((injd && !snd_usb_validate_midi_desc(injd)) || (outjd && !snd_usb_validate_midi_desc(injd)))
Of course, another typo:
if ((injd && !snd_usb_validate_midi_desc(injd)) || (outjd && !snd_usb_validate_midi_desc(outjd)))
Takashi