Julia Lawall wrote:
> The file sound/pci/ctxfi/ctpcm.c contains the functions
> ct_pcm_playback_open and ct_pcm_capture_open that contain the following
> pattern of code:
>
> runtime->private_data = apcm;
> ...
> if (err < 0) {
> kfree(apcm);
> return err;
> }
>
> I wonder if this leaves a dangling pointer to apcm in runtime?
The runtime structure contains data that is valid only while the
substream is open; it is allocated by the ALSA framework before
calling the open callback, and deallocated after calling the close
callback (or if the open callback fails).
> The function ct_atc_pcm_free_substream on the other hand does set the
> private_data field to NULL after freeing apcm.
This is superfluous.
> But perhaps there is something in the calling context of open that
> ensures that if the open function fails, the private_data field of
> runtime will never be used?
If the open callback fails, the close callback will not be called.
However, the runtime->private_free callback, if set, will be called.
So there is indeed a dangling pointer.
Regards,
Clemens
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
