[alsa-devel] [alsa-lib] Possible bug in function 'snd_ctl_hw_open', file control_hw.c
Takashi Iwai
tiwai at suse.de
Fri Jun 3 17:38:28 CEST 2011
At Tue, 31 May 2011 14:48:43 +0200,
alex dot baldacchino dot alsasub at gmail dot com wrote:
>
> Hello,
> I've noticed at some point function snd_ctl_hw_open() calls
> snd_ctl_new() to allocate memory for variable snd_ctl_t *ctl; then it
> tries to handle an error condition, but, regardless of such an error,
> memory locations pointed by ctl are accessed and filled in (eventually
> with invalid data, since the error causes 'fd' to be closed and 'hw'
> to be freed). Since ctl could point a random area in case of
> allocation failure, perhaps the function should return if such an
> error occurs and avoid dereferencing it. An easy fix would be the
> following, unless I'm missing something.
Thanks, applied the fix now.
Takashi
>
> ------------------------------------------------------
> control_hw.patch
> --------------------------------------------------------------
> --- old/src/control/control_hw.c 2011-05-31 14:20:12.975999400 +0200
> +++ new/src/control/control_hw.c 2011-05-31 14:21:35.559999388 +0200
> @@ -414,6 +414,7 @@
> if (err < 0) {
> close(fd);
> free(hw);
> + return err;
> }
> ctl->ops = &snd_ctl_hw_ops;
> ctl->private_data = hw;
> _______________________________________________
> Alsa-devel mailing list
> Alsa-devel at alsa-project.org
> http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
>
More information about the Alsa-devel
mailing list