[alsa-devel] [2/2] ASoC: samsung: odroid: fix a double-free issue for cpu_dai
wen.yang99 at zte.com.cn
wen.yang99 at zte.com.cn
Mon Jul 15 03:49:13 CEST 2019
> > The cpu_dai variable is still being used after the of_node_put() call,
>
> Such an implementation detail is questionable.
> https://wiki.sei.cmu.edu/confluence/display/c/MEM30-C.+Do+not+access+freed+memory
>
>
> > which may result in double-free:
>
> This consequence is also undesirable.
> https://cwe.mitre.org/data/definitions/415.html
>
>
> Now I wonder if two update steps are really appropriate as a fix
> instead of using a single update step for the desired correction
> in this software module.
> Should a commit (including previous ones) usually be correct by itself?
Thanks.
These two updates fix two different bugs.
One of them is the use-after-free issue introduced by bc3cf17b575a:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=bc3cf17b575a7a97b4af7ddcf86133175da7a582
- ret = snd_soc_of_get_dai_link_codecs(dev, codec, link);
+ cpu_dai = of_parse_phandle(cpu, "sound-dai", 0);
+ of_node_put(cpu);
+ of_node_put(codec);
+
+ ret = snd_soc_of_get_dai_link_codecs(dev, codec, codec_link);
if (ret < 0)
goto err_put_codec_n;
and the other is the double-free issue introduced by d832d2b246c5:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/sound/soc/samsung/odroid.c?id=d832d2b246c516eacb2d0ba53ec17ed59c3cd62b#n318
and n303, n308.
So we sent two patches to fix them separately.
--
Regards,
Wen
More information about the Alsa-devel
mailing list