On Sat, 05 Dec 2015 01:00:29 +0100, Shuah Khan wrote:
Fix the out of bounds access in media_entity_init() found by KASan. This is a result of media_mixer_init() failing to allocate memory for all 3 of its pads before calling media_entity_init(). Fix it to allocate memory for the right struct media_mixer_ctl instead of struct media_ctl.
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
This patch fixes the mixer patch below: https://patchwork.linuxtv.org/patch/31827/
sound/usb/media.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/usb/media.c b/sound/usb/media.c index bebe27b..0cb44b9 100644 --- a/sound/usb/media.c +++ b/sound/usb/media.c @@ -233,8 +233,8 @@ int media_mixer_init(struct snd_usb_audio *chip) if (mixer->media_mixer_ctl) continue;
/* allocate media_ctl */
mctl = kzalloc(sizeof(struct media_ctl), GFP_KERNEL);
/* allocate media_mixer_ctl */
mctl = kzalloc(sizeof(struct media_mixer_ctl), GFP_KERNEL);
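Review bot: the replacement kzalloc() in media_mixer_init() still names the type by hand, sizeof(struct media_mixer_ctl), which is the same pattern that let the old line size the buffer for struct media_ctl while the code went on to use it as the larger mixer structure. Writing it as mctl = kzalloc(sizeof(*mctl), GFP_KERNEL); ties the size to the pointer's declared type, so a later type change cannot reintroduce the undersized allocation. The lines shown stop at the kzalloc() call, so the NULL check on mctl is not visible here; it should be confirmed to sit before the pads are handed to media_entity_init().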
Isn't it better to use sizeof(*mctl)?
Takashi