Hi, Before commit f24640648186b (ALSA: Use standard device refcount for card accounting), snd_card_free() would return -EINVAL on a null pointer. Now it ends up in a null pointer dereference. There is at least one driver that can call snd_card_free() with null argument: saa7134_alsa. It can easily be triggered by just inserting and removing the module (no need to have the hardware). I don't think that is a rule, but it seems that the standard behavior of *_free() functions is to check for null pointer. What do you think? Thanks, Jerome
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
