[alsa-devel] [2/2] ASoC: samsung: odroid: fix a double-free issue for cpu_dai

wen.yang99 at zte.com.cn wen.yang99 at zte.com.cn
Mon Jul 15 03:49:13 CEST 2019


> > The cpu_dai variable is still being used after the of_node_put() call,
> 
> Such an implementation detail is questionable.
> https://wiki.sei.cmu.edu/confluence/display/c/MEM30-C.+Do+not+access+freed+memory
> 
> 
> > which may result in double-free:
> 
> This consequence is also undesirable.
> https://cwe.mitre.org/data/definitions/415.html
> 
> 
> Now I wonder if two update steps are really appropriate as a fix
> instead of using a single update step for the desired correction
> in this software module.
> Should a commit (including previous ones) usually be correct by itself?

Thanks.
These two updates fix two different bugs.

One of them is the use-after-free issue introduced by bc3cf17b575a:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=bc3cf17b575a7a97b4af7ddcf86133175da7a582

-       ret = snd_soc_of_get_dai_link_codecs(dev, codec, link);
+       cpu_dai = of_parse_phandle(cpu, "sound-dai", 0);
+       of_node_put(cpu);
+       of_node_put(codec);
+
+       ret = snd_soc_of_get_dai_link_codecs(dev, codec, codec_link);
        if (ret < 0)
                goto err_put_codec_n;
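
Review bot: of_node_put(codec) on the added line releases the reference before codec is passed to snd_soc_of_get_dai_link_codecs(dev, codec, codec_link) two lines later, so the node can be used after its reference has been dropped. Move of_node_put(codec) to after that call. Also confirm that the err_put_codec_n path, going by its label name, does not put codec a second time when the call fails. Separately, the cpu_dai returned by of_parse_phandle() is not checked for NULL in the lines shown, and the reference it holds needs a matching of_node_put() once cpu_dai is no longer used.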

and the other is the double-free issue introduced by d832d2b246c5:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/sound/soc/samsung/odroid.c?id=d832d2b246c516eacb2d0ba53ec17ed59c3cd62b#n318
and n303, n308.

So we sent two patches to fix them separately.

--
Regards,
Wen

