| From 9c6795a9b3cbb56a9fbfaf43909c5c22999ba317 Mon Sep 17 00:00:00 2001 |
| From: Christophe JAILLET <christophe.jaillet@wanadoo.fr> |
| Date: Mon, 27 Jun 2016 21:06:51 +0200 |
| Subject: ALSA: echoaudio: Fix memory allocation |
| |
| From: Christophe JAILLET <christophe.jaillet@wanadoo.fr> |
| |
| commit 9c6795a9b3cbb56a9fbfaf43909c5c22999ba317 upstream. |
| |
| 'commpage_bak' is allocated with 'sizeof(struct echoaudio)' bytes. |
| We then copy 'sizeof(struct comm_page)' bytes in it. |
| On my system, smatch complains because one is 2960 and the other is 3072. |
| |
| This would result in memory corruption or a oops. |
| |
| Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> |
| Signed-off-by: Takashi Iwai <tiwai@suse.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| sound/pci/echoaudio/echoaudio.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/sound/pci/echoaudio/echoaudio.c |
| +++ b/sound/pci/echoaudio/echoaudio.c |
| @@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device |
| u32 pipe_alloc_mask; |
| int err; |
| |
| - commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL); |
| + commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL); |
| if (commpage_bak == NULL) |
| return -ENOMEM; |
| commpage = chip->comm_page; |
| - memcpy(commpage_bak, commpage, sizeof(struct comm_page)); |
| + memcpy(commpage_bak, commpage, sizeof(*commpage)); |
| |
| err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device); |
| if (err < 0) { |
