On 12/07/2015 01:15 AM, Takashi Iwai wrote: > On Sat, 05 Dec 2015 01:00:29 +0100, > Shuah Khan wrote: >> >> Fix the out of bounds access in media_entity_init() found >> by KASan. This is a result of media_mixer_init() failing >> to allocate memory for all 3 of its pads before calling >> media_entity_init(). Fix it to allocate memory for the >> right struct media_mixer_ctl instead of struct media_ctl. >> >> Signed-off-by: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx> >> --- >> >> This patch fixes the mixer patch below: >> https://patchwork.linuxtv.org/patch/31827/ >> >> sound/usb/media.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/sound/usb/media.c b/sound/usb/media.c >> index bebe27b..0cb44b9 100644 >> --- a/sound/usb/media.c >> +++ b/sound/usb/media.c >> @@ -233,8 +233,8 @@ int media_mixer_init(struct snd_usb_audio *chip) >> if (mixer->media_mixer_ctl) >> continue; >> >> - /* allocate media_ctl */ >> - mctl = kzalloc(sizeof(struct media_ctl), GFP_KERNEL); >> + /* allocate media_mixer_ctl */ >> + mctl = kzalloc(sizeof(struct media_mixer_ctl), GFP_KERNEL); > > Isn't it better to use sizeof(*mctl)? > Yes. That is definitely less error prone than sizeof(struct foo). I will fix it and send the corrected patch. thanks, -- Shuah -- Shuah Khan Sr. Linux Kernel Developer Open Source Innovation Group Samsung Research America (Silicon Valley) shuahkh@xxxxxxxxxxxxxxx | (970) 217-8978 _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
