[alsa-devel] [patch] ASoC: dapm: using freed pointer in dapm_kcontrol_add_widget()
Olof Johansson
olof at lixom.net
Wed Jul 31 20:17:36 CEST 2013
Hi,
On Wed, Jul 31, 2013 at 2:02 AM, Lars-Peter Clausen <lars at metafoo.de> wrote:
> On 07/31/2013 10:52 AM, Dan Carpenter wrote:
>>
>> There is a typo here so we end up using the old freed pointer instead of
>> the newly allocated one. (If the "n" is zero then the code works,
>> obviously).
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
>
> Thanks.
>
> Acked-by: Lars-Peter Clausen <lars at metafoo.de>
>
> Olof, can you check whether this fixes the crash you see?
Nope.
There's also remaining issues with the code, that patch isn't enough.
The structure that is krealloced() has a list_head in it, but the list
isn't moved from the old head to the new one. There's no safe way to
do that using krealloc, since the old list_head is gone by then, so
it's probably easest to open-code with kzalloc/memcpy/kfree.
But even with that fixed, I still see the same issue. Boggle.
(Btw, I'm testing on top of commit 5106b92f80a2cd37c52cffed80b4f5acfb77ccfd).
-Olof
More information about the Alsa-devel
mailing list