On 6/25/20 6:03 AM, Piotr Maziarz wrote:
Without proper memory allocation, behaviour was undefined.
Maybe elaborate to explain that memory allocated on the stack was referenced outside of the function scope?
Signed-off-by: Piotr Maziarz piotrx.maziarz@linux.intel.com
src/topology/ctl.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/topology/ctl.c b/src/topology/ctl.c
index 90241b6..c8c7e94 100644
--- a/src/topology/ctl.c
+++ b/src/topology/ctl.c
@@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, void *bin, size_t size) { struct snd_soc_tplg_enum_control *ec = bin;
struct snd_tplg_channel_map_template cmt; int i;
if (size < sizeof(*ec)) {
@@ -1375,11 +1374,11 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, } }
- et->map = &cmt;
- memset(&cmt, 0, sizeof(cmt));
- cmt.num_channels = ec->num_channels;
- for (i = 0; i < cmt.num_channels; i++) {
struct snd_tplg_channel_elem *channel = &cmt.channel[i];
- et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template));
if (!et->map) return -ENOMEM;
- et->map->num_channels = ec->num_channels;
- for (i = 0; i < et->map->num_channels; i++) {
struct snd_tplg_channel_elem *channel = &et->map->channel[i];
- tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec), "enum: channel size %d", ec->channel[i].size); channel->reg = ec->channel[i].reg;
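Review bot: In the second hunk the loop bound `et->map->num_channels` is copied straight from `ec->num_channels`, a field of the binary blob `bin`, and no line in the hunk checks it against the number of elements in `channel[]`. The function body begins above the hunk and continues below it, so such a check may already exist earlier. If it does not, a malformed topology file makes the loop write past the end of the `tplg_calloc` allocation and read past `ec->channel`. A guard placed before the allocation would cover this, for example `if (ec->num_channels > sizeof(ec->channel) / sizeof(ec->channel[0])) return -EINVAL;`, with the same comparison against `et->map->channel` if the two array sizes can differ.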