[Sound-open-firmware] [PATCH] core: ipc: Fix error handling pointer deref
Liam Girdwood
liam.r.girdwood at linux.intel.com
Fri Mar 16 14:22:42 CET 2018
elem.next/prev can be accessed whilst NULL in certain error handling
conditions.
Signed-off-by: Liam Girdwood <liam.r.girdwood at linux.intel.com>
---
src/ipc/intel-ipc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/ipc/intel-ipc.c b/src/ipc/intel-ipc.c
index 4173a276..a9398229 100644
--- a/src/ipc/intel-ipc.c
+++ b/src/ipc/intel-ipc.c
@@ -254,6 +254,9 @@ static int ipc_stream_pcm_params(uint32_t stream)
cd->params = pcm_params->params;
#ifdef CONFIG_HOST_PTABLE
+
+ list_init(&elem_list);
+
/* use DMA to read in compressed page table ringbuffer from host */
err = get_page_descriptors(iipc, &pcm_params->params.buffer);
if (err < 0) {
@@ -264,7 +267,6 @@ static int ipc_stream_pcm_params(uint32_t stream)
/* Parse host tables */
host = (struct sof_ipc_comp_host *)&cd->comp;
ring_size = pcm_params->params.buffer.size;
- list_init(&elem_list);
err = parse_page_descriptors(iipc, &pcm_params->params.buffer,
&elem_list, host->direction);
@@ -650,6 +652,9 @@ static int ipc_dma_trace_config(uint32_t header)
trace_ipc_error("DA1");
#ifdef CONFIG_HOST_PTABLE
+
+ list_init(&elem_list);
+
/* use DMA to read in compressed page table ringbuffer from host */
err = get_page_descriptors(iipc, ¶ms->buffer);
if (err < 0) {
@@ -661,7 +666,6 @@ static int ipc_dma_trace_config(uint32_t header)
/* Parse host tables */
ring_size = params->buffer.size;
- list_init(&elem_list);
err = parse_page_descriptors(iipc, ¶ms->buffer,
&elem_list, SOF_IPC_STREAM_CAPTURE);
--
2.14.1
More information about the Sound-open-firmware
mailing list