ALSA: timer - Fix Oops at closing slave timer
author Takashi Iwai <tiwai@suse.de>
Mon, 8 Aug 2011 10:24:46 +0000 (12:24 +0200)
committer Greg Kroah-Hartman <gregkh@suse.de>
Tue, 16 Aug 2011 01:31:36 +0000 (18:31 -0700)
commit 0584ffa548b6e59aceb027112f23a55f0133400e upstream.

A slave-timer instance has no timer reference, and this results in
NULL-dereference at stopping the timer, typically called at closing
the device.

Reference: https://bugzilla.kernel.org/show_bug.cgi?id=40682

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
sound/core/timer.c

index 7c1cbf0a0dc4098326e587ee30b1ed268c460a45..950eed0c098e69e128f0ce8448a2a6f4c5fb7bca 100644 (file)
@@ -531,6 +531,8 @@ int snd_timer_stop(struct snd_timer_instance *timeri)
        if (err < 0)
                return err;
        timer = timeri->timer;
+       if (!timer)
+               return -EINVAL;
        spin_lock_irqsave(&timer->lock, flags);
        timeri->cticks = timeri->ticks;
        timeri->pticks = 0;
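Review bot: the early `return -EINVAL` after `if (!timer)` in snd_timer_stop() runs only once the preceding stop call has already passed the `if (err < 0)` check, so a slave instance that stopped cleanly now reports an error to its caller. Since the commit message says this path is typically reached when closing the device, consider returning 0 (or `err`) here unless callers are meant to treat stopping a slave as invalid. The early return also skips the `timeri->cticks = timeri->ticks;` and `timeri->pticks = 0;` resets, which touch only `timeri` and need `timer` only for the lock; if slave instances should have their tick counters reset too, that needs to happen before returning. A one-line comment above the check noting that slave instances carry no timer reference would help the next reader.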