[Linux-stable-mirror] [PATCH 3.2 49/94] ALSA: caiaq: Fix stray URB at probe error path

28 Dec 2017

3.2.97-rc1 review patch.  If anyone has any objections, please let me know.
------------------
From: Takashi Iwai tiwai@suse.de
commit 99fee508245825765ff60155fed43f970ff83a8f upstream.
caiaq driver doesn't kill the URB properly at its error path during
the probe, which may lead to a use-after-free error later.  This patch
addresses it.
Reported-by: Johan Hovold johan@kernel.org
Reviewed-by: Johan Hovold johan@kernel.org
Signed-off-by: Takashi Iwai tiwai@suse.de
[bwh: Backported to 3.2: s/cdev/dev/g]
Signed-off-by: Ben Hutchings ben@decadent.org.uk
---
 sound/usb/caiaq/device.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--- a/sound/usb/caiaq/device.c
+++ b/sound/usb/caiaq/device.c
@@ -440,10 +440,12 @@ static int __devinit init_card(struct sn
err = snd_usb_caiaq_send_command(dev, EP1_CMD_GET_DEVICE_INFO, NULL, 0);
    if (err)
-		return err;
+		goto err_kill_urb;
-	if (!wait_event_timeout(dev->ep1_wait_queue, dev->spec_received, HZ))
-		return -ENODEV;
+	if (!wait_event_timeout(dev->ep1_wait_queue, dev->spec_received, HZ)) {
+		err = -ENODEV;
+		goto err_kill_urb;
+	}
usb_string(usb_dev, usb_dev->descriptor.iManufacturer,
    	   dev->vendor_name, CAIAQ_USB_STR_LEN);
@@ -479,6 +481,10 @@ static int __devinit init_card(struct sn
setup_card(dev);
    return 0;
+
+ err_kill_urb:
+	usb_kill_urb(&dev->ep1_in_urb);
+	return err;
 }
static int __devinit snd_probe(struct usb_interface *intf,

    

2024

2023

2022

2021

2020

2019

2018

2017

[Linux-stable-mirror] [PATCH 3.2 49/94] ALSA: caiaq: Fix stray URB at probe error path