| Message ID | 1593083026-7501-1-git-send-email-piotrx.maziarz@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [alsa-lib,1/8] topology: decode: fix channel map memory allocation | expand |
On 6/25/20 6:03 AM, Piotr Maziarz wrote: > Without proper memory allocation behaviour was undefined. Maybe elaborate to explain that memory allocated on the stack was referenced outside of the function scope? > Signed-off-by: Piotr Maziarz <piotrx.maziarz@linux.intel.com> > --- > src/topology/ctl.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/src/topology/ctl.c b/src/topology/ctl.c > index 90241b6..c8c7e94 100644 > --- a/src/topology/ctl.c > +++ b/src/topology/ctl.c > @@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, > void *bin, size_t size) > { > struct snd_soc_tplg_enum_control *ec = bin; > - struct snd_tplg_channel_map_template cmt; > int i; > > if (size < sizeof(*ec)) { > @@ -1375,11 +1374,11 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, > } > } > > - et->map = &cmt; > - memset(&cmt, 0, sizeof(cmt)); > - cmt.num_channels = ec->num_channels; > - for (i = 0; i < cmt.num_channels; i++) { > - struct snd_tplg_channel_elem *channel = &cmt.channel[i]; > + et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template)); if (!et->map) return -ENOMEM; > + et->map->num_channels = ec->num_channels; > + for (i = 0; i < et->map->num_channels; i++) { > + struct snd_tplg_channel_elem *channel = &et->map->channel[i]; > + > tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec), > "enum: channel size %d", ec->channel[i].size); > channel->reg = ec->channel[i].reg; >
diff --git a/src/topology/ctl.c b/src/topology/ctl.c index 90241b6..c8c7e94 100644 --- a/src/topology/ctl.c +++ b/src/topology/ctl.c @@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, void *bin, size_t size) { struct snd_soc_tplg_enum_control *ec = bin; - struct snd_tplg_channel_map_template cmt; int i; if (size < sizeof(*ec)) { @@ -1375,11 +1374,11 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, } } - et->map = &cmt; - memset(&cmt, 0, sizeof(cmt)); - cmt.num_channels = ec->num_channels; - for (i = 0; i < cmt.num_channels; i++) { - struct snd_tplg_channel_elem *channel = &cmt.channel[i]; + et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template)); + et->map->num_channels = ec->num_channels; + for (i = 0; i < et->map->num_channels; i++) { + struct snd_tplg_channel_elem *channel = &et->map->channel[i]; + tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec), "enum: channel size %d", ec->channel[i].size); channel->reg = ec->channel[i].reg;
Without proper memory allocation behaviour was undefined. Signed-off-by: Piotr Maziarz <piotrx.maziarz@linux.intel.com> --- src/topology/ctl.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)