mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-01 19:06:25 -05:00
38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
From ee8413b01045c74340aa13ad5bdf905de32be736 Mon Sep 17 00:00:00 2001
|
|
From: Takashi Iwai <tiwai@suse.de>
|
|
Date: Wed, 13 Jan 2016 21:35:06 +0100
|
|
Subject: ALSA: timer: Fix double unlink of active_list
|
|
|
|
ALSA timer instance object has a couple of linked lists and they are
|
|
unlinked unconditionally at snd_timer_stop(). Meanwhile
|
|
snd_timer_interrupt() unlinks it, but it calls list_del() which leaves
|
|
the element list itself unchanged. This ends up with unlinking twice,
|
|
and it was caught by syzkaller fuzzer.
|
|
|
|
The fix is to use list_del_init() variant properly there, too.
|
|
|
|
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
|
Tested-by: Dmitry Vyukov <dvyukov@google.com>
|
|
Cc: <stable@vger.kernel.org>
|
|
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
---
|
|
sound/core/timer.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/sound/core/timer.c b/sound/core/timer.c
|
|
index 31f40f0..9241784df 100644
|
|
--- a/sound/core/timer.c
|
|
+++ b/sound/core/timer.c
|
|
@@ -694,7 +694,7 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left)
|
|
} else {
|
|
ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
|
|
if (--timer->running)
|
|
- list_del(&ti->active_list);
|
|
+ list_del_init(&ti->active_list);
|
|
}
|
|
if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) ||
|
|
(ti->flags & SNDRV_TIMER_IFLG_FAST))
|
|
--
|
|
cgit v1.1
|
|
|