• Takashi Iwai's avatar
    ALSA: usb-audio: Fix potential use-after-free of streams · ff58bbc7
    Takashi Iwai authored
    With the recent full-duplex support of implicit feedback streams, an
    endpoint can be still running after closing the capture stream as long
    as the playback stream with the sync-endpoint is running.  In such a
    state, the URBs are still be handled and they may call retire_data_urb
    callback, which tries to transfer the data from the PCM buffer.  Since
    the PCM stream gets closed, this may lead to use-after-free.
    
    This patch adds the proper clearance of the callback at stopping the
    capture stream for addressing the possible UAF above.
    
    Fixes: 10ce77e4 ("ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback")
    Link: https://lore.kernel.org/r/20200616120921.12249-1-tiwai@suse.deSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    ff58bbc7
pcm.c 50 KB