mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 01:51:18 +00:00
Code Issues Releases Wiki Activity
linux-stable/sound/core
History
Takashi Iwai e10425c542 ALSA: core: Fix double-free at snd_card_new() 
commit c3afa2a402 upstream.

During the code change to add the support for devres-managed card
instance, we put an explicit kfree(card) call at the error path in
snd_card_new().  This is needed for the early error path before the
card is initialized with the device, but is rather superfluous and
causes a double-free at the error path after the card instance is
initialized, as the destructor of the card object already contains a
kfree() call.

This patch fixes the double-free situation by removing the superfluous
kfree().  Meanwhile we need to call kfree() explicitly for the early
error path, so it's added there instead.

Fixes: e8ad415b7a ("ALSA: core: Add managed card creation")
Reported-by: Rondreis <linhaoguo86@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/CAB7eexL1zBnB636hwS27d-LdPYZ_R1-5fJS_h=ZbCWYU=UPWJg@mail.gmail.com
Link: https://lore.kernel.org/r/20220919123516.28222-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-28 11:11:40 +02:00
..
oss ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC 2022-09-15 11:30:02 +02:00
seq ALSA: seq: Fix data-race at module auto-loading 2022-09-08 12:28:08 +02:00
compress_offload.c ALSA: compress: Initialize mutex in snd_compress_new() 2021-07-15 10:22:38 +02:00
control.c ALSA: control: Use deferred fasync helper 2022-08-25 11:40:44 +02:00
control_compat.c ALSA: ctl: Fix copy of updated id with element read/write 2021-12-14 10:57:11 +01:00
control_led.c ALSA: core: control_led: use strscpy instead of strlcpy 2021-08-13 08:05:17 +02:00
ctljack.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
info.c ALSA: info: Fix llseek return value when using callback 2022-08-25 11:39:53 +02:00
info_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
init.c ALSA: core: Fix double-free at snd_card_new() 2022-09-28 11:11:40 +02:00
isadma.c ALSA: core: Add device-managed request_dma() 2021-07-19 16:16:34 +02:00
jack.c ALSA: jack: Access input_dev under mutex 2022-06-09 10:22:32 +02:00
Kconfig ALSA: control - add generic LED trigger module as the new control layer 2021-03-30 15:33:58 +02:00
Makefile ALSA: ISA: not for M68K 2021-11-25 09:48:28 +01:00
memalloc.c ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer 2021-11-18 19:17:08 +01:00
memalloc_local.h ALSA: memalloc: Minor refactoring 2021-08-04 08:07:46 +02:00
memory.c
misc.c ALSA: core: Add async signal helpers 2022-08-25 11:40:44 +02:00
pcm.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:22:55 +02:00
pcm_compat.c ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl 2021-10-11 18:10:47 +02:00
pcm_dmaengine.c ASoC: dmaengine_pcm: add peripheral configuration 2021-02-05 17:16:41 +00:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: iec958: Split status creation and fill 2021-06-08 17:05:41 +02:00
pcm_lib.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:22:55 +02:00
pcm_local.h ALSA: core: Abstract memory alloc helpers 2021-06-10 10:15:21 +02:00
pcm_memory.c ALSA: pcm: Check for null pointer of pointer substream before dereferencing it 2022-06-09 10:22:49 +02:00
pcm_misc.c ALSA: pcm: Test for "silence" field in struct "pcm_format_data" 2022-04-20 09:34:19 +02:00
pcm_native.c ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:22:55 +02:00
pcm_param_trace.h
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h
rawmidi.c ALSA: rawmidi - fix the uninitalized user_pversion 2021-12-29 12:28:50 +01:00
rawmidi_compat.c ALSA: rawmidi: Add framing mode 2021-05-17 16:02:44 +02:00
seq_device.c ALSA: seq: Fix a potential UAF by wrong private_free call order 2021-09-30 14:13:22 +02:00
sgbuf.c ALSA: memalloc: Fix mmap of SG-buffer with WC pages 2021-08-08 10:01:33 +02:00
sound.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
sound_oss.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
timer.c ALSA: timer: Use deferred fasync helper 2022-08-25 11:40:44 +02:00
timer_compat.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00