Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 May 2024 17:53:55 GMT
From:      Christos Margiolis <christos@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: bca6f391aed9 - stable/14 - sound: Prevent uninitialized variable destruction in chn_init()
Message-ID:  <202405211753.44LHrtlf021658@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=bca6f391aed9ecc01d6b7f496ddb6a17311e4c2c

commit bca6f391aed9ecc01d6b7f496ddb6a17311e4c2c
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2024-05-20 14:14:25 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2024-05-21 17:45:41 +0000

    sound: Prevent uninitialized variable destruction in chn_init()
    
    If dsp_unit2name() fails, we'll get to out2 with b, bs and devinfo
    uninitialized, which will result in a panic.
    
    Reported by:    Pierre Pronchery <pierre@freebsdfoundation.org>
    Reported by:    Coverity Scan
    CID:            1545029, 1545025
    Pull-request:   https://github.com/freebsd/freebsd-src/pull/1240
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 day
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D45272
    
    (cherry picked from commit 5d1a5d6f1f599a4fbea9634cbe5c77f7370e1a5d)
---
 sys/dev/sound/pcm/channel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 039d9abb9da2..a18ef1cf4234 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -1236,6 +1236,8 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 	}
 
 	PCM_UNLOCK(d);
+	b = NULL;
+	bs = NULL;
 	c = malloc(sizeof(*c), M_DEVBUF, M_WAITOK | M_ZERO);
 	c->methods = kobj_create(cls, M_DEVBUF, M_WAITOK | M_ZERO);
 	c->type = type;
@@ -1257,8 +1259,6 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 	snprintf(c->name, sizeof(c->name), "%s:%s:%s",
 	    device_get_nameunit(c->dev), dirs, devname);
 
-	b = NULL;
-	bs = NULL;
 	CHN_INIT(c, children);
 	CHN_INIT(c, children.busy);
 	c->latency = -1;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405211753.44LHrtlf021658>