From: Takashi Iwai <tiwai@suse.de>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
alsa-devel@alsa-project.org
Subject: Re: [PATCH] ALSA: usb-audio: Fix a potential memory leak in scarlett2_init_notify()
Date: Mon, 04 Sep 2023 16:08:15 +0200 [thread overview]
Message-ID: <87ledmjak0.wl-tiwai@suse.de> (raw)
In-Reply-To: <a0387d53-a08f-5e0c-c3a5-681ab5545150@wanadoo.fr>
On Sun, 03 Sep 2023 21:42:55 +0200,
Christophe JAILLET wrote:
>
> Le 03/09/2023 à 18:37, Takashi Iwai a écrit :
> > On Sun, 03 Sep 2023 17:04:47 +0200,
> ...
>
> > Indeed. The fix would be rather a oneliner like below, though:
>
> Looks much better than mine :)
>
> I let you send the patch, it is your solution.
>
>
>
> Just for my understanding, how is snd_ump_ops used, especially .open?
> I've not been able to figure out where it was called.
It's called via rawmidi open (the snd_ump_endpoint is a sort of child
class of snd_rawmidi).
> In alloc_midi_urbs(), if usb_alloc_coherent() fails, then
> ctx->urb->transfer_buffer could be anything because usb_fill_xxx_urb()
> is not called.
> So there could be an edge case where your fix could still be incomplete.
Each URB is allocated in the loop via usb_alloc_urb(), and it does
zero-initialize the object, hence the buffer is supposed to be NULL
until it's set up via usb_fill_xxx().
thanks,
Takashi
> For the start_input_streams() caller, this is fine, because the
> corresponding memory is kzalloc()'ed in start_input_streams() at some
> point, but I've not been able to check for snd_usb_midi_v2_open().
>
> CJ
>
> >
> > --- a/sound/usb/midi2.c
> > +++ b/sound/usb/midi2.c
> > @@ -265,7 +265,7 @@ static void free_midi_urbs(struct snd_usb_midi2_endpoint *ep)
> > if (!ep)
> > return;
> > - for (i = 0; i < ep->num_urbs; ++i) {
> > + for (i = 0; i < NUM_URBS; ++i) {
> > ctx = &ep->urbs[i];
> > if (!ctx->urb)
> > break;
> >
> > That was the intended behavior of free_midi_urbs().
> >
> >
> > Takashi
> >
>
next prev parent reply other threads:[~2023-09-04 14:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-03 13:06 [PATCH] ALSA: usb-audio: Fix a potential memory leak in scarlett2_init_notify() Christophe JAILLET
2023-09-03 14:23 ` Takashi Iwai
2023-09-03 15:04 ` Christophe JAILLET
2023-09-03 16:37 ` Takashi Iwai
2023-09-03 19:42 ` Christophe JAILLET
2023-09-04 14:08 ` Takashi Iwai [this message]
2023-09-05 5:39 ` Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ledmjak0.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=christophe.jaillet@wanadoo.fr \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.