On 6/25/20 6:03 AM, Piotr Maziarz wrote:
Without proper memory allocation behaviour was undefined.
Maybe elaborate to explain that memory allocated on the stack was
referenced outside of the function scope?
Signed-off-by: Piotr Maziarz <piotrx.maziarz@xxxxxxxxxxxxxxx>
---
src/topology/ctl.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/topology/ctl.c b/src/topology/ctl.c
index 90241b6..c8c7e94 100644
--- a/src/topology/ctl.c
+++ b/src/topology/ctl.c
@@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg,
void *bin, size_t size)
{
struct snd_soc_tplg_enum_control *ec = bin;
- struct snd_tplg_channel_map_template cmt;
int i;
if (size < sizeof(*ec)) {
@@ -1375,11 +1374,11 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg,
}
}
- et->map = &cmt;
- memset(&cmt, 0, sizeof(cmt));
- cmt.num_channels = ec->num_channels;
- for (i = 0; i < cmt.num_channels; i++) {
- struct snd_tplg_channel_elem *channel = &cmt.channel[i];
+ et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template));
if (!et->map)
return -ENOMEM;
+ et->map->num_channels = ec->num_channels;
+ for (i = 0; i < et->map->num_channels; i++) {
+ struct snd_tplg_channel_elem *channel = &et->map->channel[i];
+
tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec),
"enum: channel size %d", ec->channel[i].size);
channel->reg = ec->channel[i].reg;
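Review bot: The loop bound in `for (i = 0; i < et->map->num_channels; i++)` is copied straight from `ec->num_channels`, a field of the binary blob being decoded, and nothing in this hunk compares it with the capacity of `et->map->channel[]` or of `ec->channel[]`. If the part of tplg_decode_control_enum1 between the two hunks (not shown here) does not already bound it, moving the map to the heap only turns an out-of-bounds stack write into an out-of-bounds heap write when a malformed topology file is decoded. A guard placed before the allocation would close that, e.g. `if (ec->num_channels > SND_TPLG_MAX_CHAN) return -EINVAL;`, assuming the template's channel array is sized by that constant. The function's body starts before and continues after this hunk, so an existing check may simply be out of view.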