Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp648859pxb;
        Tue, 2 Feb 2021 14:19:14 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxs+O09Grjlr072hwvPz0JfyskrWBgLEcnLqRKmfRNY6CE7ZyaKVGEvyQfAgh/MUxLqVvlc
X-Received: by 2002:a17:906:c010:: with SMTP id e16mr135937ejz.91.1612304354267;
        Tue, 02 Feb 2021 14:19:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612304354; cv=none;
        d=google.com; s=arc-20160816;
        b=iXj9/oV4fdbvCjQ6LAg7If/FIc+eJ3IM1Q5lm/Vz8X03Ws9T99mIPwS3H/kDN152X4
         Des+UVUOPYgmnqhCfsBmVoMGPTLVuB5Qw2HUGalMnRuqnOvLezz2fwjz900SlFeiRR8A
         NqVHyqqd7TYdZVxWePhBH8Jlr+vIpoS1Z0UYi+rcYqX+aoR+MRx7BqvogGdNeY5MVPSV
         JHvO7Ck8gBMzoDpXgU6LFR+N+Xh9gFhEW56Qtnv9ALuDxd7uzyMc/UzxTL0+dmVklb6+
         wzYOJckIYhZq7Fklrt00Cy1yppZfEnYCRh2MQbxhCVfPel3uCkz9drFqYmiTKNTfmi/k
         HiAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=o2eluDH0FSUsdb2ym3tevYhZ1S6tDjAsWyYl/4Eyk50=;
        b=tl8zzcch2oGyxo/xutH7t2mZ0+QZFdbylC/FWDNPoBKnR3hIKkITSBrRSO8aNewlnj
         Z1Qh5/2OEUDOH3WKKbmv80Tha79XKrIQkVX+ox3FL4zEFMJRikXmiOHKg08hNgUsfzDz
         MmhO0I0Nv5Utr9g/EsLQzl/u1sdq1/cnCPRw2jc+YEDfD4Qw7tHm0yst2YvwazXivoij
         HE2buD8+Uvj6giULH0EfQYSxQNXRyj8JvfpzcO6VUK+6Nen1ENLBfrStcF1RCi2+Bgzd
         BOerQ+BU0c0TBKtnov8fHs2tKV4qMtWgthq0Aub+W3jA8nKYPEatzTXTuMZ2O51Hluzq
         RRxA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mpYhRAgb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id du19si127294ejc.206.2021.02.02.14.18.46;
        Tue, 02 Feb 2021 14:19:14 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mpYhRAgb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233731AbhBBODG (ORCPT <rfc822;luelistan@gmail.com> + 99 others);
        Tue, 2 Feb 2021 09:03:06 -0500
Received: from mail.kernel.org ([198.145.29.99]:42464 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233371AbhBBN4n (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Feb 2021 08:56:43 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id D9A2F64FE1;
        Tue,  2 Feb 2021 13:45:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1612273527;
        bh=WfRDzh4AJiM/mJTdUa1rnNMF78ojs4v9BhHYuu1qvr8=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=mpYhRAgbJpTLvjS15yQeUuyRlBUIvwSVNC2JPPv0HjDEbhJ561UMNSOCFgUJc/aKk
         bYUsvWm/e+sMKm1xTlMzKFUYSW0KMFwFE+bfVqlwJx74SKSqNJB50cChFZM77r3GlI
         ArCx1x8wnK1Da4S9sIM5SAWD4QlHAUIA4/cCH1U8=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
        Mark Brown <broonie@kernel.org>
Subject: [PATCH 5.10 138/142] ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values()
Date:   Tue,  2 Feb 2021 14:38:21 +0100
Message-Id: <20210202133003.384069100@linuxfoundation.org>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210202132957.692094111@linuxfoundation.org>
References: <20210202132957.692094111@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Dan Carpenter <dan.carpenter@oracle.com>

commit 543466ef3571069b8eb13a8ff7c7cfc8d8a75c43 upstream.

The allocation uses sizeof(u32) when it should use sizeof(unsigned long)
so it leads to memory corruption later in the function when the data is
initialized.

Fixes: 5aebe7c7f9c2 ("ASoC: topology: fix endianness issues")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YAf+8QZoOv+ct526@mwanda
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/soc/soc-topology.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/soc/soc-topology.c
+++ b/sound/soc/soc-topology.c
@@ -987,7 +987,7 @@ static int soc_tplg_denum_create_values(
 		return -EINVAL;
 
 	se->dobj.control.dvalues = kzalloc(le32_to_cpu(ec->items) *
-					   sizeof(u32),
+					   sizeof(*se->dobj.control.dvalues),
 					   GFP_KERNEL);
 	if (!se->dobj.control.dvalues)
 		return -ENOMEM;