2025-02-26 01:54:17
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compress(). In the trace the codec_dai transfers from card->dai_link, and we can see from the snd_soc_add_pcm_runtime() in snd_soc_bind_card() that, if value of card->dai_link->num_codecs is 0, then codec_dai could be null pointer caused by index out of bound in asoc_rtd_to_codec(rtd, 0). And snd_soc_register_card() is called by various platforms. Therefore, it is better to add the check in the case of misusing. And because cpu_dai has already checked in soc_init_pcm_runtime(), there is no need to check again. Adding the check as follow, then if codec_dai is null, snd_soc_new_compress() will not pass through the check if (playback + capture != 1), avoiding the leftover use of codec_dai.