Memory allocated on the stack was referenced outside of the function scope caused undefined behaviour.
Signed-off-by: Piotr Maziarz piotrx.maziarz@linux.intel.com --- src/topology/ctl.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/topology/ctl.c b/src/topology/ctl.c index 90241b6..6e6c1d1 100644 --- a/src/topology/ctl.c +++ b/src/topology/ctl.c @@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, void *bin, size_t size) { struct snd_soc_tplg_enum_control *ec = bin; - struct snd_tplg_channel_map_template cmt; int i;
if (size < sizeof(*ec)) { @@ -1375,11 +1374,13 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, } }
- et->map = &cmt; - memset(&cmt, 0, sizeof(cmt)); - cmt.num_channels = ec->num_channels; - for (i = 0; i < cmt.num_channels; i++) { - struct snd_tplg_channel_elem *channel = &cmt.channel[i]; + et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template)); + if (!et->map) + return -ENOMEM; + et->map->num_channels = ec->num_channels; + for (i = 0; i < et->map->num_channels; i++) { + struct snd_tplg_channel_elem *channel = &et->map->channel[i]; + tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec), "enum: channel size %d", ec->channel[i].size); channel->reg = ec->channel[i].reg;