ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

In try_to_register_card(), the return value of usb_ifnum_to_if() is
passed directly to usb_interface_claimed() without a NULL check, which
will lead to a NULL pointer dereference when creating an invalid
USB audio device. Fix this by adding a check to ensure the interface
pointer is valid before passing it to usb_interface_claimed().

Fixes: 39efc9c8a973 ("ALSA: usb-audio: Fix last interface check for registration")
Closes: https://lore.kernel.org/all/CANypQFYtQxHL5ghREs-BujZG413RPJGnO5TH=xjFBKpPts33tA@mail.gmail.com/
Signed-off-by: Jiaming Zhang <r772577952@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/usb/card.c b/sound/usb/card.c
index 1d5a65eac9335028cfeabd2d80b389e364477387..270dad84d825e31264d910e79ffe5d4b7f56edd2 100644 (file)
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -891,10 +891,16 @@ get_alias_quirk(struct usb_device *dev, unsigned int id)
  */
 static int try_to_register_card(struct snd_usb_audio *chip, int ifnum)
 {
+       struct usb_interface *iface;
+
        if (check_delayed_register_option(chip) == ifnum ||
-           chip->last_iface == ifnum ||
-           usb_interface_claimed(usb_ifnum_to_if(chip->dev, chip->last_iface)))
+           chip->last_iface == ifnum)
+               return snd_card_register(chip->card);
+
+       iface = usb_ifnum_to_if(chip->dev, chip->last_iface);
+       if (iface && usb_interface_claimed(iface))
                return snd_card_register(chip->card);
+
        return 0;
 }