DivestOS/Patches/Linux_CVEs/CVE-2017-8246/3.4/0001.patch
2017-11-07 22:03:58 -05:00

91 lines
2.7 KiB
Diff

From ac8b4b8f6976c6f63704c2f1e3dc464bfa6a5256 Mon Sep 17 00:00:00 2001
From: Xiaojun Sang <xsang@codeaurora.org>
Date: Fri, 24 Feb 2017 16:13:20 +0800
Subject: [PATCH] BACKPORT: ASoC: msm: qdsp6v2: set pointer to NULL after free.
Pointer after kfree is not sanitized.
Set pointer to NULL.
CRs-Fixed: 2008031
Change-Id: Ia59a57fcd142a6ed18d168992b8da4019314afa4
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Signed-off-by: Bikshapathi Kothapeta <bkotha@codeaurora.org>
---
diff --git a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
index 3284380..f4a9a4d 100644
--- a/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-compr-q6-v2.c
@@ -391,6 +391,7 @@
SNDRV_PCM_STREAM_PLAYBACK);
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ compr->prtd = NULL;
return 0;
}
diff --git a/sound/soc/msm/qdsp6v2/msm-multi-ch-pcm-q6-v2.c b/sound/soc/msm/qdsp6v2/msm-multi-ch-pcm-q6-v2.c
index 98401d9..f93029c 100644
--- a/sound/soc/msm/qdsp6v2/msm-multi-ch-pcm-q6-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-multi-ch-pcm-q6-v2.c
@@ -503,6 +503,7 @@
multi_ch_pcm_audio.prtd = NULL;
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}
@@ -595,6 +596,7 @@
SNDRV_PCM_STREAM_CAPTURE);
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}
diff --git a/sound/soc/msm/qdsp6v2/msm-pcm-afe-v2.c b/sound/soc/msm/qdsp6v2/msm-pcm-afe-v2.c
index b6ecaa6..68a6b3d 100644
--- a/sound/soc/msm/qdsp6v2/msm-pcm-afe-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-pcm-afe-v2.c
@@ -396,6 +396,7 @@
mutex_unlock(&prtd->lock);
prtd->prepared--;
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}
static int msm_afe_prepare(struct snd_pcm_substream *substream)
diff --git a/sound/soc/msm/qdsp6v2/msm-pcm-lpa-v2.c b/sound/soc/msm/qdsp6v2/msm-pcm-lpa-v2.c
index a6c8f16..9c575a5 100644
--- a/sound/soc/msm/qdsp6v2/msm-pcm-lpa-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-pcm-lpa-v2.c
@@ -391,6 +391,7 @@
pr_debug("%s\n", __func__);
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}
diff --git a/sound/soc/msm/qdsp6v2/msm-pcm-q6-v2.c b/sound/soc/msm/qdsp6v2/msm-pcm-q6-v2.c
index 57ccea1..f5846ca 100644
--- a/sound/soc/msm/qdsp6v2/msm-pcm-q6-v2.c
+++ b/sound/soc/msm/qdsp6v2/msm-pcm-q6-v2.c
@@ -446,6 +446,7 @@
SNDRV_PCM_STREAM_PLAYBACK);
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}
@@ -538,6 +539,7 @@
SNDRV_PCM_STREAM_CAPTURE);
q6asm_audio_client_free(prtd->audio_client);
kfree(prtd);
+ runtime->private_data = NULL;
return 0;
}