On Tue, 09 Feb 2016 15:30:16 +0100, Jerome Marchand wrote:
Hi,
Before commit f24640648186b (ALSA: Use standard device refcount for card accounting), snd_card_free() would return -EINVAL on a null pointer. Now it ends up in a null pointer dereference. There is at least one driver that can call snd_card_free() with null argument: saa7134_alsa. It can easily be triggered by just inserting and removing the module (no need to have the hardware). I don't think that is a rule, but it seems that the standard behavior of *_free() functions is to check for null pointer. What do you think?
Well, I have a mixed feeling about this. Allowing NULL sometimes makes the code easier. OTOH, calling snd_card_free() with NULL is really an unexpected situation, and if a driver does it, most likely it does something weird.
So, at this moment, I would fix the caller side. But, it's not a final call, just my gut feeling.
thanks,
Takashi