Skip to content

Commit

Permalink
[ALSA] sound: fix PCM substream list
Browse files Browse the repository at this point in the history 
If snd_pcm_new_stream() fails to initalize a substream (if
snd_pcm_substream_proc_init() returns error), snd_pcm_new_stream()
immediately return without unlinking that kfree()d substram.
It causes oops when snd_pcm_free() iterates the list of substream to
free them by invalid reference.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
  • Loading branch information
Akinobu Mita authored and Jaroslav Kysela committed Dec 20, 2006
1 parent c13893d commit 4d36128
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions sound/core/pcm.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -640,6 +640,10 @@ int snd_pcm_new_stream(struct snd_pcm *pcm, int stream, int substream_count)
err = snd_pcm_substream_proc_init(substream);
if (err < 0) {
snd_printk(KERN_ERR "Error in snd_pcm_stream_proc_init\n");
if (prev == NULL)
pstr->substream = NULL;
else
prev->next = NULL;
kfree(substream);
return err;
}
Expand Down

0 comments on commit 4d36128

Please sign in to comment.