4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Iooss <nicolas.iooss_linux@xxxxxxx>
commit 61ab0d403bbd9d5f6e000e3b5734049141b91f6f upstream.
In sst_prepare_and_post_msg(), when a response is received in "block",
the following code gets executed:
*data = kzalloc(block->size, GFP_KERNEL);
memcpy(data, (void *) block->data, block->size);
The memcpy() call overwrites the content of the *data pointer instead of
filling the newly-allocated memory (which pointer is hold by *data).
Fix this by merging kzalloc+memcpy into a single kmemdup() call.
Thanks Joe Perches for suggesting using kmemdup()
Fixes: 60dc8dbacb00 ("ASoC: Intel: sst: Add some helper functions")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@xxxxxxx>
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
sound/soc/intel/atom/sst/sst_pvt.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
--- a/sound/soc/intel/atom/sst/sst_pvt.c
+++ b/sound/soc/intel/atom/sst/sst_pvt.c
@@ -279,17 +279,15 @@ int sst_prepare_and_post_msg(struct inte
if (response) {
ret = sst_wait_timeout(sst, block);
- if (ret < 0) {
+ if (ret < 0)
goto out;
- } else if(block->data) {
- if (!data)
- goto out;
- *data = kzalloc(block->size, GFP_KERNEL);
- if (!(*data)) {
+
+ if (data && block->data) {
+ *data = kmemdup(block->data, block->size, GFP_KERNEL);
+ if (!*data) {
ret = -ENOMEM;
goto out;
- } else
- memcpy(data, (void *) block->data, block->size);
+ }
}
}
out:
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html