The file sound/pci/ctxfi/ctpcm.c contains the functions
ct_pcm_playback_open and ct_pcm_capture_open that contain the following
pattern of code:
runtime->private_data = apcm;
...
if (err < 0) {
kfree(apcm);
return err;
}
I wonder if this leaves a dangling pointer to apcm in runtime?
The function ct_atc_pcm_free_substream on the other hand does set the
private_data field to NULL after freeing apcm. But perhaps there is
something in the calling context of open that ensures that if the open
function fails, the private_data field of runtime will never be used?
thanks,
julia
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
