On Sun 27 Mar 2022 at 16:18, Xiaomeng Tong xiam0nd.tong@gmail.com wrote:
The bug is here: *dai_name = dai->driver->name;
For for_each_component_dais(), just like list_for_each_entry, the list iterator 'runtime' will point to a bogus position containing HEAD if the list is empty or no element is found. This case must be checked before any use of the iterator, otherwise it will lead to a invalid memory access.
To fix the bug, just move the assignment into loop and return 0 when element is found, otherwise return -EINVAL;
Except we already checked that the id is valid and know an element will be be found once we enter the loop. No bug here and this patch does not seem necessary to me.
Cc: stable@vger.kernel.org Fixes: 6ae9ca9ce986b ("ASoC: meson: aiu: add i2s and spdif support") Signed-off-by: Xiaomeng Tong xiam0nd.tong@gmail.com
sound/soc/meson/aiu.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/sound/soc/meson/aiu.c b/sound/soc/meson/aiu.c index d299a70db7e5..b52915c6f53b 100644 --- a/sound/soc/meson/aiu.c +++ b/sound/soc/meson/aiu.c @@ -61,14 +61,14 @@ int aiu_of_xlate_dai_name(struct snd_soc_component *component, return -EINVAL; for_each_component_dais(component, dai) {
if (id == 0)
break;
if (id == 0) {
*dai_name = dai->driver->name;
return 0;
id--; }}
- *dai_name = dai->driver->name;
- return 0;
- return -EINVAL;
} static int aiu_cpu_of_xlate_dai_name(struct snd_soc_component *component,