At Tue, 31 May 2011 14:48:43 +0200, alex dot baldacchino dot alsasub at gmail dot com wrote:
Hello, I've noticed at some point function snd_ctl_hw_open() calls snd_ctl_new() to allocate memory for variable snd_ctl_t *ctl; then it tries to handle an error condition, but, regardless of such an error, memory locations pointed by ctl are accessed and filled in (eventually with invalid data, since the error causes 'fd' to be closed and 'hw' to be freed). Since ctl could point a random area in case of allocation failure, perhaps the function should return if such an error occurs and avoid dereferencing it. An easy fix would be the following, unless I'm missing something.
Thanks, applied the fix now.
Takashi
control_hw.patch
--- old/src/control/control_hw.c 2011-05-31 14:20:12.975999400 +0200 +++ new/src/control/control_hw.c 2011-05-31 14:21:35.559999388 +0200 @@ -414,6 +414,7 @@ if (err < 0) { close(fd); free(hw);
} ctl->ops = &snd_ctl_hw_ops; ctl->private_data = hw;return err;
Alsa-devel mailing list Alsa-devel@alsa-project.org http://mailman.alsa-project.org/mailman/listinfo/alsa-devel