Skip to content

Commit

Permalink
ASoC: soc-cache: Fix memory overflow in LZO initialization
Browse files Browse the repository at this point in the history 
The bitmap_zero() nbits argument was improperly set to reg_size
but the underlying buffer was bmp_size long.  This caused the memset
to zero past the end of the allocated buffer and into the kernel heap
causing strange kernel crashes sometimes by overwriting critical
kernel structures.

Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
  • Loading branch information
Dimitris Papastamos authored and Mark Brown committed Nov 30, 2010
1 parent dfa7c70 commit 09c74a9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion sound/soc/soc-cache.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec)
ret = -ENOMEM;
goto err;
}
bitmap_zero(sync_bmp, reg_size);
bitmap_zero(sync_bmp, bmp_size);

/* allocate the lzo blocks and initialize them */
for (i = 0; i < blkcount; ++i) {
Expand Down

0 comments on commit 09c74a9

Please sign in to comment.