1. Patchew
  2. linux
  3. View series

[PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session

Pei Xiao posted 1 patch 3 months, 2 weeks ago 
sound/usb/qcom/qc_audio_offload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session
Posted by Pei Xiao 3 months, 2 weeks ago 
The find_substream() call may return NULL, but the error path
dereferenced 'subs' unconditionally via dev_err(&subs->dev->dev, ...),
causing a NULL pointer dereference when subs is NULL.

Fix by switching to &uadev[idx].udev->dev which is always valid
in this context.

Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
---
v2: use uadev[idx].udev->dev
---
 sound/usb/qcom/qc_audio_offload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/usb/qcom/qc_audio_offload.c b/sound/usb/qcom/qc_audio_offload.c
index 5bc27c82e0af..975c1f93e48f 100644
--- a/sound/usb/qcom/qc_audio_offload.c
+++ b/sound/usb/qcom/qc_audio_offload.c
@@ -759,7 +759,7 @@ static void qmi_stop_session(void)
 			subs = find_substream(pcm_card_num, info->pcm_dev_num,
 					      info->direction);
 			if (!subs || !chip || atomic_read(&chip->shutdown)) {
-				dev_err(&subs->dev->dev,
+				dev_err(&uadev[idx].udev->dev,
 					"no sub for c#%u dev#%u dir%u\n",
 					info->pcm_card_num,
 					info->pcm_dev_num,
-- 
2.25.1
Re: [PATCH v2] ALSA: usb-audio: qcom: fix NULL pointer dereference in qmi_stop_session
Posted by Takashi Iwai 3 months, 2 weeks ago 
On Tue, 24 Jun 2025 11:00:47 +0200,
Pei Xiao wrote:
> 
> The find_substream() call may return NULL, but the error path
> dereferenced 'subs' unconditionally via dev_err(&subs->dev->dev, ...),
> causing a NULL pointer dereference when subs is NULL.
> 
> Fix by switching to &uadev[idx].udev->dev which is always valid
> in this context.
> 
> Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>

Applied now.  Thanks.


Takashi

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.