[alsa-devel] [PATCH] ASoC: Fix use after free
Lars-Peter Clausen
lars at metafoo.de
Wed Mar 12 08:34:39 CET 2014
Freeing the current list element while iterating over the list will cause a use
after free since the iterator function will still use the current element to
look up the next. Use list_for_each_safe() and remove the element from the list
before freeing it to avoid this.
Fixes: 1438c2f60b ("ASoC: Add a per component dai list")
Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Lars-Peter Clausen <lars at metafoo.de>
---
sound/soc/soc-core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index f67cef4..dac616d 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3928,11 +3928,12 @@ static inline char *fmt_multiple_name(struct device *dev,
*/
static void snd_soc_unregister_dais(struct snd_soc_component *component)
{
- struct snd_soc_dai *dai;
+ struct snd_soc_dai *dai, *_dai;
- list_for_each_entry(dai, &component->dai_list, list) {
+ list_for_each_entry_safe(dai, _dai, &component->dai_list, list) {
dev_dbg(component->dev, "ASoC: Unregistered DAI '%s'\n",
dai->name);
+ list_del(&dai->list);
kfree(dai->name);
kfree(dai);
}
--
1.8.0
More information about the Alsa-devel
mailing list