Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit c7ab134e authored by Sultanxda's avatar Sultanxda Committed by Jens Lody
Browse files

ASoC: core: Don't assign an out-of-bounds address to rtd_aux 



When card->num_aux_devs is zero, card->rtd_aux is assigned an out-of-bounds
address.

This was found by KASan at runtime:
==================================================================
BUG: KASAN: slab-out-of-bounds in msm_audrx_init+0xaa8/0xba4 at addr ffffffc14021ec18
Read of size 8 by task kworker/u8:9/264
page:ffffffbdc5008000 count:1 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000004000(head)
page dumped because: kasan: bad access detected
CPU: 3 PID: 264 Comm: kworker/u8:9 Tainted: G    B   W      3.18.31-Sultan #39
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3.0 + PMI8996 MTP (DT)
Workqueue: deferwq deferred_probe_work_func
Call trace:
[<ffffffc00008a7bc>] dump_backtrace+0x0/0x298
[<ffffffc00008aa68>] show_stack+0x14/0x1c
[<ffffffc000fa8134>] dump_stack+0x98/0xc0
[<ffffffc0001b1a44>] kasan_report+0x3a4/0x4e8
[<ffffffc0001b115c>] __asan_load8+0x24/0x7c
[<ffffffc000cf47b4>] msm_audrx_init+0xaa8/0xba4
[<ffffffc000c293f4>] snd_soc_register_card+0x10ac/0x1c04
[<ffffffc000cf564c>] msm8996_asoc_machine_probe+0xd9c/0xf1c
[<ffffffc000670a8c>] platform_drv_probe+0x50/0xa4
[<ffffffc00066ecd4>] driver_probe_device+0x114/0x2e0
[<ffffffc00066eee0>] __device_attach+0x40/0x64
[<ffffffc00066cf20>] bus_for_each_drv+0xac/0xdc
[<ffffffc00066f058>] device_attach+0x94/0xc0
[<ffffffc00066d218>] bus_probe_device+0x48/0xf0
[<ffffffc00066e53c>] deferred_probe_work_func+0xa0/0xd0
[<ffffffc0000c229c>] process_one_work+0x324/0x50c
[<ffffffc0000c2928>] worker_thread+0x4a4/0x624
[<ffffffc0000c9808>] kthread+0x138/0x14c
Memory state around the buggy address:
 ffffffc14021eb00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffffffc14021eb80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 >ffffffc14021ec00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                             ^
 ffffffc14021ec80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffffffc14021ed00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================

Change-Id: I5e5cf2f672753c483917142b6ebf1330995b20a5
Signed-off-by: default avatarSultanxda <sultanxda@gmail.com>
Signed-off-by: default avatarSimao Gomes Viana <xdevs23@outlook.com>
parent 9951c5bd
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment