[alsa-devel] [PATCH - pulse 1/1] pulse: prevent double-free when pulse_hw_constraint returns error
From: Kui Wang wangkuisuper@hotmail.com
When pulse_hw_constraint returns error, snd_pcm_ioplug_delete() is called. It will then call pulse_close() where "snd_pcm_pulse_t *pcm" will be free. Then if goto the "error" label, the "snd_pcm_pulse_t *pcm" will be double-free.
To prevent this, just jump over the code which might cause double-free.
Signed-off-by: Kui Wang wangkuisuper@hotmail.com
diff --git a/pulse/pcm_pulse.c b/pulse/pcm_pulse.c index 5cb3452..a8983c6 100644 --- a/pulse/pcm_pulse.c +++ b/pulse/pcm_pulse.c @@ -1143,7 +1143,7 @@ SND_PCM_PLUGIN_DEFINE_FUNC(pulse) err = pulse_hw_constraint(pcm); if (err < 0) { snd_pcm_ioplug_delete(&pcm->io); - goto error; + goto error2; }
*pcmp = pcm->io.pcm; @@ -1156,6 +1156,7 @@ error: free(pcm->device); free(pcm);
+error2: if (fallback_name) return snd_pcm_open_fallback(pcmp, root, fallback_name, name, stream, mode);
On Thu, 13 Jul 2017 21:33:05 +0200, ? ? wrote:
From: Kui Wang wangkuisuper@hotmail.com
When pulse_hw_constraint returns error, snd_pcm_ioplug_delete() is called. It will then call pulse_close() where "snd_pcm_pulse_t *pcm" will be free. Then if goto the "error" label, the "snd_pcm_pulse_t *pcm" will be double-free.
To prevent this, just jump over the code which might cause double-free.
Signed-off-by: Kui Wang wangkuisuper@hotmail.com
Applied, thanks.
Takashi
participants (2)
-
? ? -
Takashi Iwai