In the implementation of sof_set_get_large_ctrl_data() there is a memory
leak in case an error. Release partdata if sof_get_ctrl_copy_params()
fails.
Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly")
Signed-off-by: Navid Emamdoost <[email protected]>
---
sound/soc/sof/ipc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
index b2f359d2f7e5..086eeeab8679 100644
--- a/sound/soc/sof/ipc.c
+++ b/sound/soc/sof/ipc.c
@@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
else
err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
sparams);
- if (err < 0)
+ if (err < 0) {
+ kfree(partdata);
return err;
+ }
msg_bytes = sparams->msg_bytes;
pl_size = sparams->pl_size;
--
2.17.1
On 10/27/19 4:53 PM, Navid Emamdoost wrote:
> In the implementation of sof_set_get_large_ctrl_data() there is a memory
> leak in case an error. Release partdata if sof_get_ctrl_copy_params()
> fails.
>
> Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly")
> Signed-off-by: Navid Emamdoost <[email protected]>
Acked-by: Pierre-Louis Bossart <[email protected]>
May I ask which tool you used to find those issues, looks like we have a
gap here?
> ---
> sound/soc/sof/ipc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
> index b2f359d2f7e5..086eeeab8679 100644
> --- a/sound/soc/sof/ipc.c
> +++ b/sound/soc/sof/ipc.c
> @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
> else
> err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
> sparams);
> - if (err < 0)
> + if (err < 0) {
> + kfree(partdata);
> return err;
> + }
>
> msg_bytes = sparams->msg_bytes;
> pl_size = sparams->pl_size;
>
The patch
ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
has been applied to the asoc tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.4
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark
From 45c1380358b12bf2d1db20a5874e9544f56b34ab Mon Sep 17 00:00:00 2001
From: Navid Emamdoost <[email protected]>
Date: Sun, 27 Oct 2019 16:53:24 -0500
Subject: [PATCH] ASoC: SOF: ipc: Fix memory leak in
sof_set_get_large_ctrl_data
In the implementation of sof_set_get_large_ctrl_data() there is a memory
leak in case an error. Release partdata if sof_get_ctrl_copy_params()
fails.
Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly")
Signed-off-by: Navid Emamdoost <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
---
sound/soc/sof/ipc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
index b2f359d2f7e5..086eeeab8679 100644
--- a/sound/soc/sof/ipc.c
+++ b/sound/soc/sof/ipc.c
@@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
else
err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
sparams);
- if (err < 0)
+ if (err < 0) {
+ kfree(partdata);
return err;
+ }
msg_bytes = sparams->msg_bytes;
pl_size = sparams->pl_size;
--
2.20.1
On Sun, Oct 27, 2019 at 9:15 PM Pierre-Louis Bossart
<[email protected]> wrote:
>
>
>
> On 10/27/19 4:53 PM, Navid Emamdoost wrote:
> > In the implementation of sof_set_get_large_ctrl_data() there is a memory
> > leak in case an error. Release partdata if sof_get_ctrl_copy_params()
> > fails.
> >
> > Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly")
> > Signed-off-by: Navid Emamdoost <[email protected]>
>
> Acked-by: Pierre-Louis Bossart <[email protected]>
>
> May I ask which tool you used to find those issues, looks like we have a
> gap here?
We are developing a research tool to find such cases. Not sure what
gap you are referring to, but we statically track the allocation and
look for an appropriate release/assignment of the pointer.
>
> > ---
> > sound/soc/sof/ipc.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
> > index b2f359d2f7e5..086eeeab8679 100644
> > --- a/sound/soc/sof/ipc.c
> > +++ b/sound/soc/sof/ipc.c
> > @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
> > else
> > err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
> > sparams);
> > - if (err < 0)
> > + if (err < 0) {
> > + kfree(partdata);
> > return err;
> > + }
> >
> > msg_bytes = sparams->msg_bytes;
> > pl_size = sparams->pl_size;
> >
--
Navid.