From: walter harms <wharms@bfs.de>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: perex@perex.cz, tiwai@suse.com, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] ALSA: echoaudio: Fix memory allocation
Date: Tue, 28 Jun 2016 09:13:25 +0200 [thread overview]
Message-ID: <57722395.8080706@bfs.de> (raw)
In-Reply-To: <1467054411-19752-1-git-send-email-christophe.jaillet@wanadoo.fr>
Am 27.06.2016 21:06, schrieb Christophe JAILLET:
> 'commpage_bak' is allocated with 'sizeof(struct echoaudio)' bytes.
> We then copy 'sizeof(struct comm_page)' bytes in it.
> On my system, smatch complains because one is 2960 and the other is 3072.
>
> This would result in memory corruption or a oops.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> sound/pci/echoaudio/echoaudio.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
> index 1cb85ae..286f5e3 100644
> --- a/sound/pci/echoaudio/echoaudio.c
> +++ b/sound/pci/echoaudio/echoaudio.c
> @@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device *dev)
> u32 pipe_alloc_mask;
> int err;
>
> - commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL);
> + commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL);
> if (commpage_bak == NULL)
> return -ENOMEM;
> commpage = chip->comm_page;
> - memcpy(commpage_bak, commpage, sizeof(struct comm_page));
> + memcpy(commpage_bak, commpage, sizeof(*commpage));
>
> err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device);
> if (err < 0) {
perhaps you can use here kmemdup() ?
re,
wh
WARNING: multiple messages have this Message-ID (diff)
From: walter harms <wharms@bfs.de>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: perex@perex.cz, tiwai@suse.com, alsa-devel@alsa-project.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] ALSA: echoaudio: Fix memory allocation
Date: Tue, 28 Jun 2016 07:13:25 +0000 [thread overview]
Message-ID: <57722395.8080706@bfs.de> (raw)
In-Reply-To: <1467054411-19752-1-git-send-email-christophe.jaillet@wanadoo.fr>
Am 27.06.2016 21:06, schrieb Christophe JAILLET:
> 'commpage_bak' is allocated with 'sizeof(struct echoaudio)' bytes.
> We then copy 'sizeof(struct comm_page)' bytes in it.
> On my system, smatch complains because one is 2960 and the other is 3072.
>
> This would result in memory corruption or a oops.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> sound/pci/echoaudio/echoaudio.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
> index 1cb85ae..286f5e3 100644
> --- a/sound/pci/echoaudio/echoaudio.c
> +++ b/sound/pci/echoaudio/echoaudio.c
> @@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device *dev)
> u32 pipe_alloc_mask;
> int err;
>
> - commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL);
> + commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL);
> if (commpage_bak = NULL)
> return -ENOMEM;
> commpage = chip->comm_page;
> - memcpy(commpage_bak, commpage, sizeof(struct comm_page));
> + memcpy(commpage_bak, commpage, sizeof(*commpage));
>
> err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device);
> if (err < 0) {
perhaps you can use here kmemdup() ?
re,
wh
next prev parent reply other threads:[~2016-06-28 7:13 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-27 19:06 [PATCH] ALSA: echoaudio: Fix memory allocation Christophe JAILLET
2016-06-27 19:06 ` Christophe JAILLET
2016-06-27 20:28 ` Takashi Iwai
2016-06-27 20:28 ` Takashi Iwai
2016-06-27 20:28 ` Takashi Iwai
2016-06-28 7:13 ` walter harms [this message]
2016-06-28 7:13 ` walter harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57722395.8080706@bfs.de \
--to=wharms@bfs.de \
--cc=alsa-devel@alsa-project.org \
--cc=christophe.jaillet@wanadoo.fr \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.