8 Nov 2010, 4:58 p.m.
The file sound/pci/ctxfi/ctpcm.c contains the functions ct_pcm_playback_open and ct_pcm_capture_open that contain the following pattern of code:
    runtime->private_data = apcm;
    ...
    if (err < 0) {
        kfree(apcm);
        return err;
    }
I wonder if this leaves a dangling pointer to apcm in runtime? The function ct_atc_pcm_free_substream on the other hand does set the private_data field to NULL after freeing apcm. But perhaps there is something in the calling context of open that ensures that if the open function fails, the private_data field of runtime will never be used?
thanks, julia
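The pattern the message asks about, as an added, self-contained C example that is not part of the message or of the ctxfi driver. It uses assumed stand-in shapes for snd_pcm_runtime and ct_atc_pcm, a toy single-slot allocator in place of kzalloc()/kfree() so that a stale pointer can be inspected without undefined behaviour, and a hypothetical later_setup() step in the open path that may fail. open_as_quoted() reproduces the quoted error path, open_clearing_on_error() shows the variant that clears the field next to the free (the same thing the message says ct_atc_pcm_free_substream does on the release side), and points_to_freed() is the check a reviewer would want: does runtime->private_data still refer to released memory after a failed open?

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in shapes for the kernel structures (assumed for this example; the
 * real snd_pcm_runtime and ct_atc_pcm are larger). */
struct snd_pcm_runtime { void *private_data; };
struct ct_atc_pcm { int channels; };

/* Toy single-slot allocator in place of kzalloc()/kfree(). The slot is a
 * static object, so a stale pointer can be compared against it without
 * undefined behaviour; the flag records whether it has been handed back. */
static struct ct_atc_pcm slot;
static int slot_in_use;

static struct ct_atc_pcm *mock_kzalloc(void)
{
	if (slot_in_use)
		return NULL;
	memset(&slot, 0, sizeof slot);
	slot_in_use = 1;
	return &slot;
}

static void mock_kfree(struct ct_atc_pcm *apcm)
{
	if (apcm == &slot)
		slot_in_use = 0;
}

/* 1 if p still refers to memory that has already been released. */
int points_to_freed(const void *p)
{
	return p == &slot && !slot_in_use;
}

/* Hypothetical later step of the open path that may fail with -errno. */
static int later_setup(int should_fail)
{
	return should_fail ? -EINVAL : 0;
}

/* The pattern quoted in the message: private_data is assigned before the
 * fallible step; the error path frees apcm but leaves the field alone. */
int open_as_quoted(struct snd_pcm_runtime *runtime, int should_fail)
{
	struct ct_atc_pcm *apcm = mock_kzalloc();
	int err;

	if (!apcm)
		return -ENOMEM;
	runtime->private_data = apcm;
	err = later_setup(should_fail);
	if (err < 0) {
		mock_kfree(apcm);
		return err;	/* runtime->private_data still holds apcm */
	}
	return 0;
}

/* Same path with the field cleared next to the free, as the message says
 * ct_atc_pcm_free_substream already does on the release side. */
int open_clearing_on_error(struct snd_pcm_runtime *runtime, int should_fail)
{
	struct ct_atc_pcm *apcm = mock_kzalloc();
	int err;

	if (!apcm)
		return -ENOMEM;
	runtime->private_data = apcm;
	err = later_setup(should_fail);
	if (err < 0) {
		mock_kfree(apcm);
		runtime->private_data = NULL;
		return err;
	}
	return 0;
}

/* Release side as described in the message: free, then clear. */
void free_substream(struct snd_pcm_runtime *runtime)
{
	mock_kfree(runtime->private_data);
	runtime->private_data = NULL;
}

int main(void)
{
	struct snd_pcm_runtime a = { NULL }, b = { NULL };

	open_as_quoted(&a, 1);
	open_clearing_on_error(&b, 1);
	printf("quoted pattern after failed open: %s\n",
	       points_to_freed(a.private_data) ? "dangling" : "safe");
	printf("clearing variant after failed open: %s\n",
	       b.private_data ? "still set" : "NULL");
	return 0;
}
```

Whether the dangling value in the quoted variant is ever read depends, as the message notes, on what the ALSA core does with runtime->private_data after an open callback returns an error; clearing the field on the error path removes the dependency on that calling context altogether, at the cost of one assignment.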