[SRU][F][PATCH 1/1] ALSA: usb-audio: fix null pointer dereference on pointer cs_desc

[Tim Whisonant]

From: Chengfeng Ye <cyeaa at connect.ust.hk>

The pointer cs_desc return from snd_usb_find_clock_source could
be null, so there is a potential null pointer dereference issue.
Fix this by adding a null check before dereference.

Signed-off-by: Chengfeng Ye <cyeaa at connect.ust.hk>
Link: https://lore.kernel.org/r/20211024111736.11342-1-cyeaa@connect.ust.hk
Signed-off-by: Takashi Iwai <tiwai at suse.de>
(backported from commit b97053df0f04747c3c1e021ecbe99db675342954)
[tswhison: Adjusted context using the following reference commits
from Jammy.
9ec730052fa26 ("ALSA: usb-audio: Refactoring UAC2/3 clock setup code")
ce39adb0197b2 ("ALSA: usb-audio: fix null pointer dereference on
pointer cs_desc")]
CVE-2021-47211
Signed-off-by: Tim Whisonant <tim.whisonant at canonical.com>
---
 sound/usb/clock.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sound/usb/clock.c b/sound/usb/clock.c
index 58902275c8152..d745cccec3937 100644
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -646,11 +646,19 @@ static int set_sample_rate_v2v3(struct snd_usb_audio *chip, int iface,
 		struct uac3_clock_source_descriptor *cs_desc;
 
 		cs_desc = snd_usb_find_clock_source_v3(chip->ctrl_intf, clock);
+
+		if (!cs_desc)
+			return 0;
+
 		bmControls = le32_to_cpu(cs_desc->bmControls);
 	} else {
 		struct uac_clock_source_descriptor *cs_desc;
 
 		cs_desc = snd_usb_find_clock_source(chip->ctrl_intf, clock);
+
+		if (!cs_desc)
+			return 0;
+
 		bmControls = cs_desc->bmControls;
 	}
 
-- 
2.43.0