Message-ID: <s5ha7g9l6ea.wl-tiwai@suse.de>
Date: Mon, 29 Apr 2019 07:36:29 +0200
From: Takashi Iwai <tiwai@...e.de>
To: "Wenwen Wang" <wang6495@....edu>
Cc: "moderated list:SOUND" <alsa-devel@...a-project.org>,
"Kees Cook" <keescook@...omium.org>,
"Jaroslav Kysela" <perex@...ex.cz>,
"open list" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ALSA: usx2y: fix a memory leak bug

On Sun, 28 Apr 2019 09:18:40 +0200,
Takashi Iwai wrote:
>
> On Sun, 28 Apr 2019 08:42:32 +0200,
> Wenwen Wang wrote:
> >
> > In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
> > and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
> > kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
> > sanity check is performed for the endpoint in the urb by invoking
> > usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
> > returned. In that case, however, the created urb and the allocated buffer
> > are not freed, leading to memory leaks.
> >
> > To fix the above issue, free the urb and the buffer if the check fails.
> >
> > Signed-off-by: Wenwen Wang <wang6495@....edu>
>
> Applied now, thanks.

... and looking at the code again, this patch turned out to be wrong.
The in04 urb and transfer buffer are freed at card->private_free
callback (snd_usX2Y_card_private_free()) later, so this patch would
lead to double-free.

I dropped the patch now.

thanks,

Takashi
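
Added example, not part of the original message and not the driver's code: a user-space C model of the ownership problem described above, where an error path frees objects that the card's private_free callback frees again at teardown. All names are hypothetical stand-ins, the model assumes teardown always runs after a failed init, and FREE_AND_CLEAR is a general variant that goes beyond what the thread discusses.

```c
#include <stddef.h>

/* Constructed user-space model: an "allocation" is a slot with a live flag,
 * so a second free is counted instead of corrupting a real heap. */
struct obj { int live; };
static struct obj pool[2];
static int double_frees;

static struct obj *model_alloc(int slot) { pool[slot].live = 1; return &pool[slot]; }

static void model_free(struct obj *o)
{
    if (!o) return;                /* NULL is a no-op, as with kfree() */
    if (!o->live) double_frees++;  /* second free of the same object */
    o->live = 0;
}

struct card { struct obj *in04_urb, *in04_buf; };

/* Stand-in for the card->private_free callback run at card teardown. */
static void card_private_free(struct card *c)
{
    model_free(c->in04_buf);
    model_free(c->in04_urb);
}

enum err_path { LEAVE_TO_TEARDOWN, FREE_ONLY, FREE_AND_CLEAR };

/* Stand-in for the init function with the endpoint check forced to fail. */
static int in04_init_failing(struct card *c, enum err_path p)
{
    c->in04_urb = model_alloc(0);
    c->in04_buf = model_alloc(1);
    if (p != LEAVE_TO_TEARDOWN) {          /* what the dropped patch added */
        model_free(c->in04_urb);
        model_free(c->in04_buf);
    }
    if (p == FREE_AND_CLEAR)               /* hypothetical variant: drop ownership */
        c->in04_urb = c->in04_buf = NULL;
    return -22;                            /* -EINVAL */
}

/* Failed init followed by teardown; returns double frees, stores leaks. */
int run_failed_init(enum err_path p, int *leaks)
{
    struct card c = { NULL, NULL };
    double_frees = 0;
    in04_init_failing(&c, p);
    card_private_free(&c);
    *leaks = pool[0].live + pool[1].live;
    return double_frees;
}
```

In this model LEAVE_TO_TEARDOWN shows neither a leak nor a double free, FREE_ONLY frees both objects twice, and FREE_AND_CLEAR is safe only because the teardown path tolerates NULL.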