At Mon, 21 Jun 2010 17:05:16 +0200,
Daniel Mack wrote:
>
> On Mon, Jun 21, 2010 at 05:03:21PM +0200, Jiri Slaby wrote:
> > Stanse found that in snd_usb_parse_audio_endpoints, there is a
> > dangling pointer dereference. When snd_usb_parse_audio_format fails,
> > fp is freed, and continue invoked. On the next loop, there is
> > "fp && fp->altsetting == 1 && fp->channels == 1" test, but fp is set
> > from the last iteration (but is bogus) and thus illegally dereferenced.
> >
> > Set fp to NULL before "continue".
>
> Oh, absolutely. Thanks.
>
> > Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
>
> Acked-by: Daniel Mack <daniel@xxxxxxxx>
>
> I think this should go thru the ALSA tree.

Yep, I applied it now. Thanks!

Takashi
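The loop pattern described in this thread, as an added model that is not part of the original messages or the kernel source: a pointer released on the error path survives into the next iteration's test unless it is reset. The structs, the static pool (used in place of heap allocation so stale accesses can be counted without undefined behaviour), `walk`, `reset_on_error` and the sample input are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the driver's format descriptor (assumption). */
struct fmt { int altsetting, channels, live; };
/* Constructed input: one alt setting, and whether parsing it fails. */
struct alt { int altsetting, channels, parse_fails; };

/* Static pool instead of heap allocation, so a released slot stays readable
 * and the model can count stale accesses without undefined behaviour. */
static struct fmt pool[8];
static int stale_reads;

static struct fmt *fmt_alloc(int alt, int ch) {
    for (size_t i = 0; i < 8; i++)
        if (!pool[i].live) {
            pool[i] = (struct fmt){ alt, ch, 1 };
            return &pool[i];
        }
    return NULL;
}

/* Returns how often the "fp && fp->altsetting == 1 && fp->channels == 1"
 * test passed; stale_reads counts tests that touched a released fp. */
static int walk(const struct alt *alts, size_t n, int reset_on_error) {
    struct fmt *fp = NULL;
    int hits = 0;
    stale_reads = 0;
    for (size_t i = 0; i < 8; i++) pool[i].live = 0;
    for (size_t i = 0; i < n; i++) {
        if (fp) {
            if (!fp->live) stale_reads++;      /* real code: use-after-free */
            if (fp->altsetting == 1 && fp->channels == 1) hits++;
        }
        if (!(fp = fmt_alloc(alts[i].altsetting, alts[i].channels))) return -1;
        if (alts[i].parse_fails) {
            fp->live = 0;                      /* models freeing fp */
            if (reset_on_error) fp = NULL;     /* the fix from the thread */
            continue;
        }
    }
    return hits;
}

static const struct alt sample[] = { {1,1,1}, {2,2,0}, {3,2,1}, {4,2,0} };

int main(void) {
    int hits = walk(sample, 4, 0), stale = stale_reads;
    printf("no reset: hits=%d stale=%d\n", hits, stale);
    return walk(sample, 4, 1) != 0 || stale_reads != 0;
}
```

Without the reset, the first failed parse leaves a released descriptor whose old field values still satisfy the mono-altsetting test, so the branch is taken on bogus data; with the reset, the `fp &&` guard short-circuits.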