| Message ID | 20191027215330.12729-1-navid.emamdoost@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 45c1380358b12bf2d1db20a5874e9544f56b34ab |
| Headers | show |
| Series | ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data | expand |
On Sun, Oct 27, 2019 at 9:15 PM Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> wrote: > > > > On 10/27/19 4:53 PM, Navid Emamdoost wrote: > > In the implementation of sof_set_get_large_ctrl_data() there is a memory > > leak in case an error. Release partdata if sof_get_ctrl_copy_params() > > fails. > > > > Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly") > > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > > Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> > > May I ask which tool you used to find those issues, looks like we have a > gap here? We are developing a research tool to find such cases. Not sure what gap you are referring to, but we statically track the allocation and look for an appropriate release/assignment of the pointer. > > > --- > > sound/soc/sof/ipc.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c > > index b2f359d2f7e5..086eeeab8679 100644 > > --- a/sound/soc/sof/ipc.c > > +++ b/sound/soc/sof/ipc.c > > @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev, > > else > > err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata, > > sparams); > > - if (err < 0) > > + if (err < 0) { > > + kfree(partdata); > > return err; > > + } > > > > msg_bytes = sparams->msg_bytes; > > pl_size = sparams->pl_size; > > -- Navid.
diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c index b2f359d2f7e5..086eeeab8679 100644 --- a/sound/soc/sof/ipc.c +++ b/sound/soc/sof/ipc.c @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev, else err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata, sparams); - if (err < 0) + if (err < 0) { + kfree(partdata); return err; + } msg_bytes = sparams->msg_bytes; pl_size = sparams->pl_size;
In the implementation of sof_set_get_large_ctrl_data() there is a memory leak in case an error. Release partdata if sof_get_ctrl_copy_params() fails. Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly") Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> --- sound/soc/sof/ipc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)