On Mon, 2010-11-29 at 11:43 +0000, Dimitris Papastamos wrote:
> The bitmap_zero() nbits argument was improperly set to reg_size
> but the underlying buffer was bmp_size long. This caused the memset
> to zero past the end of the allocated buffer and into the kernel heap
> causing strange kernel crashes sometimes by overwriting critical
> kernel structures.
>
> Signed-off-by: Dimitris Papastamos <dp@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> ---
> sound/soc/soc-cache.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c > index 9b1ba33..5143984 100644 > --- a/sound/soc/soc-cache.c > +++ b/sound/soc/soc-cache.c > @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec) > ret = -ENOMEM; > goto err; > } > - bitmap_zero(sync_bmp, reg_size); > + bitmap_zero(sync_bmp, bmp_size); > > /* allocate the lzo blocks and initialize them */ > for (i = 0; i < blkcount; ++i) {

Acked-by: Liam Girdwood <lrg@xxxxxxxxxxxxxxx>
-- 
Freelance Developer, SlimLogic Ltd
ASoC and Voltage Regulator Maintainer.
http://www.slimlogic.co.uk
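
Review bot: at the changed `bitmap_zero(sync_bmp, bmp_size);` call, the allocation of `sync_bmp` falls outside the hunk's context, so the diff alone does not show that `bmp_size` is the bit count the buffer was sized for. The commit message calls this the nbits argument but describes the buffer as "bmp_size long", so please state in the message whether `bmp_size` is in bits or bytes and how it relates to the allocation size. Allocating the bitmap already zeroed would let the size be stated once and remove this separate call, so the allocation and the clear cannot drift apart again.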