| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 04 Mar 2016 16:30:51 +0100
From: Willy Tarreau <w@....eu>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Andrey Konovalov <andreyknvl@...il.com>,
Clemens Ladisch <clemens@...isch.de>,
Takashi Iwai <tiwai@...e.de>,
Ben Hutchings <ben@...adent.org.uk>, Willy Tarreau <w@....eu>
Subject: [PATCH 2.6.32 51/55] ALSA: usb-audio: avoid freeing umidi object twice
2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Konovalov <andreyknvl@...il.com>
commit 07d86ca93db7e5cdf4743564d98292042ec21af7 upstream.
The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
when tearing down the rawmidi interface. So we shouldn't try to free it
in snd_usbmidi_create() after having registered the rawmidi interface.
Found by KASAN.
Signed-off-by: Andrey Konovalov <andreyknvl@...il.com>
Acked-by: Clemens Ladisch <clemens@...isch.de>
Signed-off-by: Takashi Iwai <tiwai@...e.de>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
[wt: file is sound/midi/usbmidi.c in 2.6.32]
Signed-off-by: Willy Tarreau <w@....eu>
---
sound/usb/usbmidi.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/usb/usbmidi.c b/sound/usb/usbmidi.c
index 64d8d2e..366020a 100644
--- a/sound/usb/usbmidi.c
+++ b/sound/usb/usbmidi.c
@@ -1947,7 +1947,6 @@ int snd_usb_create_midi_interface(struct snd_usb_audio* chip,
else
err = snd_usbmidi_create_endpoints(umidi, endpoints);
if (err < 0) {
- snd_usbmidi_free(umidi);
return err;
}
--
1.7.12.2.21.g234cd45.dirty
Powered by blists - more mailing lists