From: Takashi Iwai <tiwai@suse.de>
To: Navid Emamdoost <navid.emamdoost@gmail.com>
Cc: emamd001@umn.edu, smccaman@umn.edu, kjlu@umn.edu,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Richard Fontana <rfontana@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ALSA: pci: Fix memory leak in snd_korg1212_create
Date: Mon, 28 Oct 2019 07:31:35 +0100 [thread overview]
Message-ID: <s5hmudlmldk.wl-tiwai@suse.de> (raw)
In-Reply-To: <20191027191206.30820-1-navid.emamdoost@gmail.com>
On Sun, 27 Oct 2019 20:12:04 +0100,
Navid Emamdoost wrote:
>
> In the implementation of snd_korg1212_create() the allocated memory for
> korg1212 is leaked in cases of error. Release korg1212 via
> snd_korg1212_free() if either of these calls fail:
> snd_korg1212_downloadDSPCode(), snd_pcm_new(), or snd_ctl_add().
This also leads to the double-free. The code path is after
snd_device_new() which has its own destructor callback.
thanks,
Takashi
>
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> ---
> sound/pci/korg1212/korg1212.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/sound/pci/korg1212/korg1212.c b/sound/pci/korg1212/korg1212.c
> index 0d81eac0a478..e976e857d915 100644
> --- a/sound/pci/korg1212/korg1212.c
> +++ b/sound/pci/korg1212/korg1212.c
> @@ -2367,8 +2367,10 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
>
> mdelay(CARD_BOOT_DELAY_IN_MS);
>
> - if (snd_korg1212_downloadDSPCode(korg1212))
> + if (snd_korg1212_downloadDSPCode(korg1212)) {
> + snd_korg1212_free(korg1212);
> return -EBUSY;
> + }
>
> K1212_DEBUG_PRINTK("korg1212: dspMemPhy = %08x U[%08x], "
> "PlayDataPhy = %08x L[%08x]\n"
> @@ -2383,8 +2385,11 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
> korg1212->RoutingTablePhy, LowerWordSwap(korg1212->RoutingTablePhy),
> korg1212->AdatTimeCodePhy, LowerWordSwap(korg1212->AdatTimeCodePhy));
>
> - if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0)
> + err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm);
> + if (err < 0) {
> + snd_korg1212_free(korg1212);
> return err;
> + }
>
> korg1212->pcm->private_data = korg1212;
> korg1212->pcm->private_free = snd_korg1212_free_pcm;
> @@ -2398,8 +2403,10 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
>
> for (i = 0; i < ARRAY_SIZE(snd_korg1212_controls); i++) {
> err = snd_ctl_add(korg1212->card, snd_ctl_new1(&snd_korg1212_controls[i], korg1212));
> - if (err < 0)
> + if (err < 0) {
> + snd_korg1212_free(korg1212);
> return err;
> + }
> }
>
> snd_korg1212_proc_init(korg1212);
> --
> 2.17.1
>
WARNING: multiple messages have this Message-ID (diff)
From: Takashi Iwai <tiwai@suse.de>
To: Navid Emamdoost <navid.emamdoost@gmail.com>
Cc: alsa-devel@alsa-project.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kjlu@umn.edu, Takashi Iwai <tiwai@suse.com>,
Richard Fontana <rfontana@redhat.com>,
emamd001@umn.edu, smccaman@umn.edu,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org
Subject: Re: [alsa-devel] [PATCH] ALSA: pci: Fix memory leak in snd_korg1212_create
Date: Mon, 28 Oct 2019 07:31:35 +0100 [thread overview]
Message-ID: <s5hmudlmldk.wl-tiwai@suse.de> (raw)
In-Reply-To: <20191027191206.30820-1-navid.emamdoost@gmail.com>
On Sun, 27 Oct 2019 20:12:04 +0100,
Navid Emamdoost wrote:
>
> In the implementation of snd_korg1212_create() the allocated memory for
> korg1212 is leaked in cases of error. Release korg1212 via
> snd_korg1212_free() if either of these calls fail:
> snd_korg1212_downloadDSPCode(), snd_pcm_new(), or snd_ctl_add().
This also leads to the double-free. The code path is after
snd_device_new() which has its own destructor callback.
thanks,
Takashi
>
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> ---
> sound/pci/korg1212/korg1212.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/sound/pci/korg1212/korg1212.c b/sound/pci/korg1212/korg1212.c
> index 0d81eac0a478..e976e857d915 100644
> --- a/sound/pci/korg1212/korg1212.c
> +++ b/sound/pci/korg1212/korg1212.c
> @@ -2367,8 +2367,10 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
>
> mdelay(CARD_BOOT_DELAY_IN_MS);
>
> - if (snd_korg1212_downloadDSPCode(korg1212))
> + if (snd_korg1212_downloadDSPCode(korg1212)) {
> + snd_korg1212_free(korg1212);
> return -EBUSY;
> + }
>
> K1212_DEBUG_PRINTK("korg1212: dspMemPhy = %08x U[%08x], "
> "PlayDataPhy = %08x L[%08x]\n"
> @@ -2383,8 +2385,11 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
> korg1212->RoutingTablePhy, LowerWordSwap(korg1212->RoutingTablePhy),
> korg1212->AdatTimeCodePhy, LowerWordSwap(korg1212->AdatTimeCodePhy));
>
> - if ((err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm)) < 0)
> + err = snd_pcm_new(korg1212->card, "korg1212", 0, 1, 1, &korg1212->pcm);
> + if (err < 0) {
> + snd_korg1212_free(korg1212);
> return err;
> + }
>
> korg1212->pcm->private_data = korg1212;
> korg1212->pcm->private_free = snd_korg1212_free_pcm;
> @@ -2398,8 +2403,10 @@ static int snd_korg1212_create(struct snd_card *card, struct pci_dev *pci,
>
> for (i = 0; i < ARRAY_SIZE(snd_korg1212_controls); i++) {
> err = snd_ctl_add(korg1212->card, snd_ctl_new1(&snd_korg1212_controls[i], korg1212));
> - if (err < 0)
> + if (err < 0) {
> + snd_korg1212_free(korg1212);
> return err;
> + }
> }
>
> snd_korg1212_proc_init(korg1212);
> --
> 2.17.1
>
_______________________________________________
Alsa-devel mailing list
Alsa-devel@alsa-project.org
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
next prev parent reply other threads:[~2019-10-28 6:31 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-27 19:12 [PATCH] ALSA: pci: Fix memory leak in snd_korg1212_create Navid Emamdoost
2019-10-27 19:12 ` [alsa-devel] " Navid Emamdoost
2019-10-27 20:40 ` Markus Elfring
2019-10-27 20:40 ` [alsa-devel] " Markus Elfring
2019-10-27 20:40 ` Markus Elfring
2019-10-28 8:19 ` Markus Elfring
2019-10-28 8:19 ` [alsa-devel] " Markus Elfring
2019-10-28 8:19 ` Markus Elfring
2019-10-28 6:31 ` Takashi Iwai [this message]
2019-10-28 6:31 ` [alsa-devel] [PATCH] " Takashi Iwai
2019-10-28 9:00 ` [alsa-devel] ALSA: korg1212: Checking exception handling in snd_korg1212_create() Markus Elfring
2019-10-28 9:00 ` Markus Elfring
2019-10-28 9:00 ` Markus Elfring
2019-10-28 13:15 ` Takashi Iwai
2019-10-28 13:15 ` Takashi Iwai
2019-10-28 13:15 ` Takashi Iwai
2019-10-28 14:40 ` Markus Elfring
2019-10-28 14:40 ` Markus Elfring
2019-10-28 14:40 ` Markus Elfring
2019-10-28 14:44 ` Takashi Iwai
2019-10-28 14:44 ` Takashi Iwai
2019-10-28 14:44 ` Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=s5hmudlmldk.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=emamd001@umn.edu \
--cc=gregkh@linuxfoundation.org \
--cc=kjlu@umn.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=navid.emamdoost@gmail.com \
--cc=perex@perex.cz \
--cc=rfontana@redhat.com \
--cc=smccaman@umn.edu \
--cc=tglx@linutronix.de \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.