On Tue, Apr 04, 2017 at 07:32:35PM +0000, alexander.levin@xxxxxxxxxxx wrote:
> From: Takashi Iwai <tiwai@xxxxxxx>
>
> [ Upstream commit e2810d76c5f3b0152fa0f7c40170e123b33e058c ]
>
> There are a few places leaking memory and doing double-free in
> mixer_us16x08.c.
>
> The driver allocates a usb_mixer_elem_info object at each
> add_new_ctl() call. This has to be freed via kctl->private_free, but
> currently this is done properly only for some controls.
>
> Also, the driver allocates three external objects (comp_store,
> eq_store, meter_store), and these are referred in elem->private_data
> (it's not kctl->private_data). And these have to be released, but
> there are none doing it. Moreover, these extra objects have to be
> released only once. Thus the release should be done only by the first
> kctl element that refers to it.
>
> For fixing these, we call either snd_usb_mixer_elem_free() (only for
> kctl->private_data) or elem_private_free() (for both
> kctl->private_data and elem->private_data) via kctl->private_free
> appropriately.
>
> Last but not least, snd_us16x08_controls_create() may return in the
> middle without releasing the allocated *_store objects due to an
> error. For fixing this, we shuffle the allocation code so that it's
> called just before its reference.
>
> Fixes: d2bb390a2081 ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk")
> Reported-by: Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx>
> Reviewed-by: Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx>
> Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
> ---
> sound/usb/mixer_us16x08.c | 92 ++++++++++++++++++++---------------------------
> sound/usb/mixer_us16x08.h | 1 -
> 2 files changed, 39 insertions(+), 54 deletions(-)
And as I didn't take the first one, I'll drop this too...
greg k-h