[alsa-devel] [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization
Liam Girdwood
lrg at slimlogic.co.uk
Tue Nov 30 13:05:00 CET 2010
On Mon, 2010-11-29 at 11:43 +0000, Dimitris Papastamos wrote:
> The bitmap_zero() nbits argument was improperly set to reg_size
> but the underlying buffer was bmp_size long. This caused the memset
> to zero past the end of the allocated buffer and into the kernel heap
> causing strange kernel crashes sometimes by overwriting critical
> kernel structures.
>
> Signed-off-by: Dimitris Papastamos <dp at opensource.wolfsonmicro.com>
> ---
> sound/soc/soc-cache.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c
> index 9b1ba33..5143984 100644
> --- a/sound/soc/soc-cache.c
> +++ b/sound/soc/soc-cache.c
> @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec)
> ret = -ENOMEM;
> goto err;
> }
> - bitmap_zero(sync_bmp, reg_size);
> + bitmap_zero(sync_bmp, bmp_size);
>
> /* allocate the lzo blocks and initialize them */
> for (i = 0; i < blkcount; ++i) {
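Review bot: at the bitmap_zero(sync_bmp, bmp_size) line, the size used for zeroing is still passed separately from the size used for the allocation, which is the pattern that let reg_size slip in here. The allocation sits above the visible context, so please confirm it is sized from the same bmp_size and that bmp_size is a count of bits, since bitmap_zero() takes nbits rather than a byte length. Allocating sync_bmp with a zeroing allocator such as kzalloc() would remove the second size argument and this call altogether.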
Acked-by: Liam Girdwood <lrg at slimlogic.co.uk>
--
Freelance Developer, SlimLogic Ltd
ASoC and Voltage Regulator Maintainer.
http://www.slimlogic.co.uk