[alsa-devel] [PATCH] ASoC: Fix freeing of incompletely initialized snd_soc_dapm_context

Tzung-Bi Shih tzungbi at google.com
Fri Jun 7 17:02:37 CEST 2019


On Fri, Jun 7, 2019 at 10:18 PM Sylwester Nawrocki
<s.nawrocki at samsung.com> wrote:
>
> When the soc_init_dai_link() call at the beginning of snd_soc_instantiate_card()
> fails, soc_cleanup_card_resources() and then snd_soc_dapm_free()
> get called with an incompletely initialized card->dapm. In particular
> card->dapm.card is NULL and it gets dereferenced in dapm_free_widgets().
> Also dapm->list is invalid and there is an invalid pointer dereference
> from list_del().
>
You don't need to do this.  In my original patch
(https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=for-next&id=70fc53734e71ce51f46dfcfd1a1c319e1cfe080c),
soc_cleanup_card_resources() should not be called if
soc_init_dai_link() fails.

I found there is a merge conflict.  Kuninori Morimoto removed some
legacy code (i.e. soc_cleanup_platform() -> soc_cleanup_legacy()) at
the same time (https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=for-next&id=adb76b5b9c4740a11f6ad6c68764515961ae8ade).

But the conflict was not fixed correctly
(https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=for-next&id=a8e992342ce4cd173d437d0aa4eecc9e30489f72):
the soc_cleanup_platform() call turned into soc_cleanup_card_resources().

Based on current for-next branch, we could simply remove the
soc_cleanup_card_resources() call.
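As an added illustration in plain C (not code from the patch, the ASoC tree, or the kernel), the error path the thread discusses, with minimal stand-ins for list_head and the card/dapm structs: the early return on soc_init_dai_link() failure skips the cleanup call, and a guarded dapm_free() shows how a teardown that checks card->dapm.card would also survive the half-initialised context. The struct layouts, the widgets_freed counter and the dai_link_fails parameter are constructed for the example.

```c
#include <string.h>

/* Constructed stand-ins for the kernel types in the thread; not ASoC code. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *l) { l->next = l->prev = l; }

static void list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Like the kernel's list_del(): no checks, so a zeroed list_head is an
 * invalid pointer dereference, exactly the failure the patch describes. */
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
}

struct card;
struct dapm_context {
    struct card *card;      /* NULL until the context is set up */
    struct list_head list;  /* invalid until list_add() */
};
struct card {
    struct list_head dapm_list;
    struct dapm_context dapm;
    int widgets_freed;      /* stands in for dapm_free_widgets() */
};

/* Guarded teardown: -1 if the context never finished initialising (the
 * state in the bug report), 0 once the widgets are freed and unlinked. */
static int dapm_free(struct dapm_context *d) {
    if (!d->card) return -1;    /* card->dapm.card == NULL: not set up */
    list_del(&d->list);
    d->card->widgets_freed++;
    d->card = NULL;
    return 0;
}

/* Models snd_soc_instantiate_card(); dai_link_fails stands for an early
 * soc_init_dai_link() error. Per the reply, that path returns with no
 * cleanup call at all. Returns -1 on that error, else widgets freed (1). */
static int instantiate_card(struct card *c, int dai_link_fails) {
    memset(c, 0, sizeof(*c));
    list_init(&c->dapm_list);
    if (dai_link_fails) return -1;
    c->dapm.card = c;
    list_add(&c->dapm.list, &c->dapm_list);
    dapm_free(&c->dapm);            /* normal teardown */
    return c->widgets_freed;
}
```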
