ALSA: firewire-tascam: fix NULL pointer dereference when model identification fails
When unsupported models are connected, snd-firewire-tascam module causes NULL pointer dereference in fw_core_remove_address_handler() (due to list_del_rcu()). This commit prevents this bug. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Takashi Sakamoto
Takashi Iwai
parent
360a824568
commit
5d2560a427
@ -230,6 +230,7 @@ int snd_tscm_transaction_register(struct snd_tscm *tscm)
|
|||||||
return err;
|
return err;
|
||||||
error:
|
error:
|
||||||
fw_core_remove_address_handler(&tscm->async_handler);
|
fw_core_remove_address_handler(&tscm->async_handler);
|
||||||
|
tscm->async_handler.callback_data = NULL;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -276,6 +277,9 @@ void snd_tscm_transaction_unregister(struct snd_tscm *tscm)
|
|||||||
__be32 reg;
|
__be32 reg;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
|
if (tscm->async_handler.callback_data == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
/* Turn off FireWire LED. */
|
/* Turn off FireWire LED. */
|
||||||
reg = cpu_to_be32(0x0000008e);
|
reg = cpu_to_be32(0x0000008e);
|
||||||
snd_fw_transaction(tscm->unit, TCODE_WRITE_QUADLET_REQUEST,
|
snd_fw_transaction(tscm->unit, TCODE_WRITE_QUADLET_REQUEST,
|
||||||
@ -297,6 +301,8 @@ void snd_tscm_transaction_unregister(struct snd_tscm *tscm)
|
|||||||
®, sizeof(reg), 0);
|
®, sizeof(reg), 0);
|
||||||
|
|
||||||
fw_core_remove_address_handler(&tscm->async_handler);
|
fw_core_remove_address_handler(&tscm->async_handler);
|
||||||
|
tscm->async_handler.callback_data = NULL;
|
||||||
|
|
||||||
for (i = 0; i < TSCM_MIDI_OUT_PORT_MAX; i++)
|
for (i = 0; i < TSCM_MIDI_OUT_PORT_MAX; i++)
|
||||||
snd_fw_async_midi_port_destroy(&tscm->out_ports[i]);
|
snd_fw_async_midi_port_destroy(&tscm->out_ports[i]);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user