On Sun, Oct 27, 2019 at 9:15 PM Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com wrote:
On 10/27/19 4:53 PM, Navid Emamdoost wrote:
In the implementation of sof_set_get_large_ctrl_data() there is a memory leak in case an error. Release partdata if sof_get_ctrl_copy_params() fails.
Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly") Signed-off-by: Navid Emamdoost navid.emamdoost@gmail.com
Acked-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com
May I ask which tool you used to find those issues, looks like we have a gap here?
We are developing a research tool to find such cases. Not sure what gap you are referring to, but we statically track the allocation and look for an appropriate release/assignment of the pointer.
sound/soc/sof/ipc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c index b2f359d2f7e5..086eeeab8679 100644 --- a/sound/soc/sof/ipc.c +++ b/sound/soc/sof/ipc.c @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev, else err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata, sparams);
if (err < 0)
if (err < 0) {kfree(partdata); return err;} msg_bytes = sparams->msg_bytes; pl_size = sparams->pl_size;
-- Navid.