[PATCH 0/8] ALSA: check snd_ctl_new1() return before dereferencing

Ruoyu Wang posted 8 patches 1 day ago
[PATCH 0/8] ALSA: check snd_ctl_new1() return before dereferencing
Posted by Ruoyu Wang 1 day ago
Several ALSA drivers dereference the pointer returned by snd_ctl_new1()
to adjust id.device, id.index, or store bookkeeping pointers before
calling snd_ctl_add().  snd_ctl_new1() can return NULL on allocation
failure, making these writes a NULL pointer dereference.

This series adds NULL checks to all affected call sites found by static
analysis.

Ruoyu Wang (8):
  ALSA: es18xx: check control allocation before private data setup
  ALSA: gus: check PCM volume control allocation
  ALSA: cmipci: check S/PDIF control allocations
  ALSA: es1938: check control allocation before private data setup
  ALSA: ice1712: aureon: check CS8415 control allocation
  ALSA: ice1712: check pro S/PDIF control allocations
  ALSA: ice1724: check S/PDIF control allocations
  ALSA: ymfpci: check S/PDIF control allocations

 sound/isa/es18xx.c              | 4 ++++
 sound/isa/gus/gus_pcm.c        | 2 ++
 sound/pci/cmipci.c             | 6 ++++++
 sound/pci/es1938.c             | 2 ++
 sound/pci/ice1712/aureon.c     | 2 ++
 sound/pci/ice1712/ice1712.c    | 8 ++++++++
 sound/pci/ice1712/ice1724.c    | 6 ++++++
 sound/pci/ymfpci/ymfpci_main.c | 6 ++++++
 8 files changed, 36 insertions(+)

--
2.34.1
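
The checked pattern the cover letter describes, as an added example that is not part of the original posting or of the kernel sources. It is a user-space model in C: the types, snd_ctl_new1() and snd_ctl_add() are stand-ins with the NULL-on-failure contract described above, and add_spdif_ctl(), fail_alloc and the control name are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space stand-ins for the kernel types (assumptions, not kernel code). */
struct snd_ctl_elem_id { unsigned int device, index; };
struct snd_kcontrol { struct snd_ctl_elem_id id; void *private_data; };
struct snd_kcontrol_new { const char *name; };
struct snd_card { struct snd_kcontrol *ctl[4]; int nctl; };
static int fail_alloc;	/* hypothetical fault injection: nonzero fails allocation */

/* Stand-in with the contract the cover letter describes: NULL on allocation failure. */
static struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *tmpl, void *priv)
{
	struct snd_kcontrol *k = fail_alloc ? NULL : calloc(1, sizeof(*k));
	if (k)
		k->private_data = priv;
	return k;
}

/* Stand-in for snd_ctl_add(): rejects NULL, otherwise takes ownership of the control. */
static int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *k)
{
	if (!k)
		return -EINVAL;
	if (card->nctl == 4) {
		free(k);
		return -ENOSPC;
	}
	card->ctl[card->nctl++] = k;
	return 0;
}

/* Hypothetical driver helper: adjust id.device only after the NULL check. */
static int add_spdif_ctl(struct snd_card *card, const struct snd_kcontrol_new *tmpl, unsigned int dev)
{
	struct snd_kcontrol *kctl = snd_ctl_new1(tmpl, card);
	if (!kctl)	/* without this check the next line writes through NULL */
		return -ENOMEM;
	kctl->id.device = dev;
	return snd_ctl_add(card, kctl);
}

int main(void)
{
	struct snd_card card = { .nctl = 0 };
	struct snd_kcontrol_new tmpl = { "Constructed S/PDIF control" };
	int ok = add_spdif_ctl(&card, &tmpl, 2);	/* allocation succeeds */
	fail_alloc = 1;					/* next allocation fails */
	return !(ok == 0 && add_spdif_ctl(&card, &tmpl, 2) == -ENOMEM);
}
```
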
Re: [PATCH 0/8] ALSA: check snd_ctl_new1() return before dereferencing
Posted by Takashi Iwai 19 hours ago
On Sun, 07 Jun 2026 04:56:05 +0200,
Ruoyu Wang wrote:
> 
> Several ALSA drivers dereference the pointer returned by snd_ctl_new1()
> to adjust id.device, id.index, or store bookkeeping pointers before
> calling snd_ctl_add().  snd_ctl_new1() can return NULL on allocation
> failure, making these writes a NULL pointer dereference.
> 
> This series adds NULL checks to all affected call sites found by static
> analysis.
> 
> Ruoyu Wang (8):
>   ALSA: es18xx: check control allocation before private data setup
>   ALSA: gus: check PCM volume control allocation
>   ALSA: cmipci: check S/PDIF control allocations
>   ALSA: es1938: check control allocation before private data setup
>   ALSA: ice1712: aureon: check CS8415 control allocation
>   ALSA: ice1712: check pro S/PDIF control allocations
>   ALSA: ice1724: check S/PDIF control allocations
>   ALSA: ymfpci: check S/PDIF control allocations

Some of them seem to have been already applied or conflicting.
Please rebase on the latest for-next branch of sound.git tree and
resubmit.


thanks,

Takashi