| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEkB2ETrEu6SxBC+OfPNe_DqNn-=4c9p=1d9Cz5XR3NbbcD2OQ@mail.gmail.com>
Date: Mon, 28 Oct 2019 11:35:04 -0500
From: Navid Emamdoost <navid.emamdoost@...il.com>
To: Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>
Cc: Navid Emamdoost <emamd001@....edu>, Kangjie Lu <kjlu@....edu>,
Stephen McCamant <smccaman@....edu>,
Liam Girdwood <lgirdwood@...il.com>,
Mark Brown <broonie@...nel.org>,
Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>,
Guennadi Liakhovetski <guennadi.liakhovetski@...ux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@...ux.intel.com>,
Pan Xiuli <xiuli.pan@...ux.intel.com>,
Kai Vehmanen <kai.vehmanen@...ux.intel.com>,
Slawomir Blauciak <slawomir.blauciak@...ux.intel.com>,
alsa-devel@...a-project.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
On Sun, Oct 27, 2019 at 9:15 PM Pierre-Louis Bossart
<pierre-louis.bossart@...ux.intel.com> wrote:
>
>
>
> On 10/27/19 4:53 PM, Navid Emamdoost wrote:
> > In the implementation of sof_set_get_large_ctrl_data() there is a memory
> > leak in case an error. Release partdata if sof_get_ctrl_copy_params()
> > fails.
> >
> > Fixes: 54d198d5019d ("ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly")
> > Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
>
> Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>
>
> May I ask which tool you used to find those issues, looks like we have a
> gap here?
We are developing a research tool to find such cases. Not sure what
gap you are referring to, but we statically track the allocation and
look for an appropriate release/assignment of the pointer.
>
> > ---
> > sound/soc/sof/ipc.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
> > index b2f359d2f7e5..086eeeab8679 100644
> > --- a/sound/soc/sof/ipc.c
> > +++ b/sound/soc/sof/ipc.c
> > @@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
> > else
> > err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
> > sparams);
> > - if (err < 0)
> > + if (err < 0) {
> > + kfree(partdata);
> > return err;
> > + }
> >
> > msg_bytes = sparams->msg_bytes;
> > pl_size = sparams->pl_size;
> >
--
Navid.
Powered by blists - more mailing lists