| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57722395.8080706@bfs.de>
Date: Tue, 28 Jun 2016 09:13:25 +0200
From: walter harms <wharms@....de>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
CC: perex@...ex.cz, tiwai@...e.com, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] ALSA: echoaudio: Fix memory allocation
Am 27.06.2016 21:06, schrieb Christophe JAILLET:
> 'commpage_bak' is allocated with 'sizeof(struct echoaudio)' bytes.
> We then copy 'sizeof(struct comm_page)' bytes in it.
> On my system, smatch complains because one is 2960 and the other is 3072.
>
> This would result in memory corruption or a oops.
>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> ---
> sound/pci/echoaudio/echoaudio.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
> index 1cb85ae..286f5e3 100644
> --- a/sound/pci/echoaudio/echoaudio.c
> +++ b/sound/pci/echoaudio/echoaudio.c
> @@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device *dev)
> u32 pipe_alloc_mask;
> int err;
>
> - commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL);
> + commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL);
> if (commpage_bak == NULL)
> return -ENOMEM;
> commpage = chip->comm_page;
> - memcpy(commpage_bak, commpage, sizeof(struct comm_page));
> + memcpy(commpage_bak, commpage, sizeof(*commpage));
>
> err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device);
> if (err < 0) {
perhaps you can use here kmemdup() ?
re,
wh
Powered by blists - more mailing lists