topology: decoder: fix wrong sizeof for enum control allocation in dapm

public inbox for alsa-devel@alsa-project.org
 help / color / mirror / Atom feed

* topology: decoder: fix wrong sizeof for enum control allocation in dapm
       [not found] <alsa-project/alsa-lib/pr/501@alsa-project.org>
@ 2026-03-23 15:16 ` GitHub pull_request - opened
  0 siblings, 0 replies; only message in thread
From: GitHub pull_request - opened @ 2026-03-23 15:16 UTC (permalink / raw)
  To: alsa-devel

alsa-project/alsa-lib pull request #501 was opened from kv2019i:

The tplg_calloc() call for enum control in the dapm widget kcontrol decode loop used sizeof(*mt) (mixer template) instead of sizeof(*et) (enum template). On 64-bit systems, snd_tplg_mixer_template is 72 bytes while snd_tplg_enum_template is 80 bytes, causing an 8-byte heap buffer overflow when the enum fields (texts, values pointers) were written past the allocated block. This resulted in heap corruption and e.g. glibc malloc hit an assert.

Request URL   : https://github.com/alsa-project/alsa-lib/pull/501
Patch URL     : https://github.com/alsa-project/alsa-lib/pull/501.patch
Repository URL: https://github.com/alsa-project/alsa-lib

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-03-23 15:16 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <alsa-project/alsa-lib/pr/501@alsa-project.org>
2026-03-23 15:16 ` topology: decoder: fix wrong sizeof for enum control allocation in dapm GitHub pull_request - opened

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox