On Thu, 31 Mar 2016 18:05:43 +0200,
Vladis Dronov wrote:
>
> From: Vladis Dronov
> Subject: [PATCH] ALSA: usb-audio: Fix double-free in error paths after
> snd_usb_add_audio_stream() call
>
> create_fixed_stream_quirk(), snd_usb_parse_audio_interface() and
> create_uaxx_quirk() functions alloca
From: Vladis Dronov
Subject: [PATCH] ALSA: usb-audio: Fix double-free in error paths after
snd_usb_add_audio_stream() call
create_fixed_stream_quirk(), snd_usb_parse_audio_interface() and
create_uaxx_quirk() functions allocate the audioformat object by themselves
and free it upon error before re
On Thu, 31 Mar 2016 16:03:55 +0200,
Vladis Dronov wrote:
>
> Hello, Takashi, all,
>
> > No, it has nothing to do with the double-free bug itself. Such an
> > optimization shouldn't be put in a fix patch
>
> This piece of code move alone fixes the double-free bug in
> create_fixed_stream_quirk()
Hello, Takashi, all,
> No, it has nothing to do with the double-free bug itself. Such an
> optimization shouldn't be put in a fix patch
This piece of code move alone fixes the double-free bug in
create_fixed_stream_quirk(), so I believe it is related. Besides, a lot of stuff
is created and initi
On Thu, 31 Mar 2016 14:36:30 +0200,
Vladis Dronov wrote:
>
> Hello, Takashi, all,
>
> > > Thanks for the report. But how about a simpler fix like below?
> >
> > Maybe the one below is more straightforward (and even simpler).
> > Let me know if this works enough for you.
>
> 1) I would still sug
Hello, Takashi, all,
> > Thanks for the report. But how about a simpler fix like below?
>
> Maybe the one below is more straightforward (and even simpler).
> Let me know if this works enough for you.
1) I would still suggest moving the code in create_fixed_stream_quirk() (marked
as (*)) after "i
On Wed, 30 Mar 2016 22:31:15 +0200,
Takashi Iwai wrote:
>
> On Wed, 30 Mar 2016 21:03:22 +0200,
> Vladis Dronov wrote:
> >
> > There is a double-free bug in [snd-usb-audio] module due to alloc/free logic
> > flaw in snd_usb_add_audio_stream() function. This leads to kernel structures
> > corrupti
On Wed, 30 Mar 2016 21:03:22 +0200,
Vladis Dronov wrote:
>
> There is a double-free bug in [snd-usb-audio] module due to alloc/free logic
> flaw in snd_usb_add_audio_stream() function. This leads to kernel structures
> corruption and panic. Fix the code flow and alloc/free logic so there is no
> d
Hi Vladis,
[auto build test WARNING on sound/for-next]
[also build test WARNING on v4.6-rc1 next-20160330]
[if your patch is applied to the wrong git tree, please drop us a note to help
improving the system]
url:
https://github.com/0day-ci/linux/commits/Vladis-Dronov/ALSA-usb-audio-Fix-doubl
Hello, Takashi, Jaroslav, all,
Please, see the research and the following patch on a double-free bug in
[snd-usb-audio].
1) The upstream commits 0f886ca1, 902eb7fd and 447d6275f (many thanks to
Takashi Iwai) revealed that there is a double-free bug in [snd-usb-audio]
module due to alloc/free lo
There is a double-free bug in [snd-usb-audio] module due to alloc/free logic
flaw in snd_usb_add_audio_stream() function. This leads to kernel structures
corruption and panic. Fix the code flow and alloc/free logic so there is no
double-free.
The detailed analysis: https://bugzilla.redhat.com/show
11 matches