Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 May 2024 14:14:44 GMT
From:      Christos Margiolis <christos@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 5d1a5d6f1f59 - main - sound: Prevent uninitialized variable destruction in chn_init()
Message-ID:  <202405201414.44KEEiQm014329@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d1a5d6f1f599a4fbea9634cbe5c77f7370e1a5d

commit 5d1a5d6f1f599a4fbea9634cbe5c77f7370e1a5d
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2024-05-20 14:14:25 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2024-05-20 14:14:25 +0000

    sound: Prevent uninitialized variable destruction in chn_init()
    
    If dsp_unit2name() fails, we'll get to out2 with b, bs and devinfo
    uninitialized, which will result in a panic.
    
    Reported by:    Pierre Pronchery <pierre@freebsdfoundation.org>
    Reported by:    Coverity Scan
    CID:            1545029, 1545025
    Pull-request:   https://github.com/freebsd/freebsd-src/pull/1240
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 day
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D45272
---
 sys/dev/sound/pcm/channel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 039d9abb9da2..a18ef1cf4234 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -1236,6 +1236,8 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 	}
 
 	PCM_UNLOCK(d);
+	b = NULL;
+	bs = NULL;
 	c = malloc(sizeof(*c), M_DEVBUF, M_WAITOK | M_ZERO);
 	c->methods = kobj_create(cls, M_DEVBUF, M_WAITOK | M_ZERO);
 	c->type = type;
@@ -1257,8 +1259,6 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 	snprintf(c->name, sizeof(c->name), "%s:%s:%s",
 	    device_get_nameunit(c->dev), dirs, devname);
 
-	b = NULL;
-	bs = NULL;
 	CHN_INIT(c, children);
 	CHN_INIT(c, children.busy);
 	c->latency = -1;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405201414.44KEEiQm014329>