* [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization
@ 2010-11-29 11:43 Dimitris Papastamos
2010-11-30 12:05 ` Liam Girdwood
2010-11-30 12:54 ` Mark Brown
0 siblings, 2 replies; 3+ messages in thread
From: Dimitris Papastamos @ 2010-11-29 11:43 UTC (permalink / raw)
To: Mark Brown, Liam Girdwood; +Cc: alsa-devel, patches
The bitmap_zero() nbits argument was improperly set to reg_size
but the underlying buffer was bmp_size long. This caused the memset
to zero past the end of the allocated buffer and into the kernel heap
causing strange kernel crashes sometimes by overwriting critical
kernel structures.
Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
---
sound/soc/soc-cache.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c
index 9b1ba33..5143984 100644
--- a/sound/soc/soc-cache.c
+++ b/sound/soc/soc-cache.c
@@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec)
ret = -ENOMEM;
goto err;
}
- bitmap_zero(sync_bmp, reg_size);
+ bitmap_zero(sync_bmp, bmp_size);
/* allocate the lzo blocks and initialize them */
for (i = 0; i < blkcount; ++i) {
--
1.7.3.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization
2010-11-29 11:43 [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization Dimitris Papastamos
@ 2010-11-30 12:05 ` Liam Girdwood
2010-11-30 12:54 ` Mark Brown
1 sibling, 0 replies; 3+ messages in thread
From: Liam Girdwood @ 2010-11-30 12:05 UTC (permalink / raw)
To: Dimitris Papastamos; +Cc: alsa-devel, Mark Brown, patches
On Mon, 2010-11-29 at 11:43 +0000, Dimitris Papastamos wrote:
> The bitmap_zero() nbits argument was improperly set to reg_size
> but the underlying buffer was bmp_size long. This caused the memset
> to zero past the end of the allocated buffer and into the kernel heap
> causing strange kernel crashes sometimes by overwriting critical
> kernel structures.
>
> Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
> ---
> sound/soc/soc-cache.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c
> index 9b1ba33..5143984 100644
> --- a/sound/soc/soc-cache.c
> +++ b/sound/soc/soc-cache.c
> @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec)
> ret = -ENOMEM;
> goto err;
> }
> - bitmap_zero(sync_bmp, reg_size);
> + bitmap_zero(sync_bmp, bmp_size);
>
> /* allocate the lzo blocks and initialize them */
> for (i = 0; i < blkcount; ++i) {
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
--
Freelance Developer, SlimLogic Ltd
ASoC and Voltage Regulator Maintainer.
http://www.slimlogic.co.uk
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization
2010-11-29 11:43 [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization Dimitris Papastamos
2010-11-30 12:05 ` Liam Girdwood
@ 2010-11-30 12:54 ` Mark Brown
1 sibling, 0 replies; 3+ messages in thread
From: Mark Brown @ 2010-11-30 12:54 UTC (permalink / raw)
To: Dimitris Papastamos; +Cc: alsa-devel, patches, Liam Girdwood
On Mon, Nov 29, 2010 at 11:43:33AM +0000, Dimitris Papastamos wrote:
> The bitmap_zero() nbits argument was improperly set to reg_size
> but the underlying buffer was bmp_size long. This caused the memset
> to zero past the end of the allocated buffer and into the kernel heap
> causing strange kernel crashes sometimes by overwriting critical
> kernel structures.
Applied, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-11-30 12:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-29 11:43 [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization Dimitris Papastamos
2010-11-30 12:05 ` Liam Girdwood
2010-11-30 12:54 ` Mark Brown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.