Searched hist:c83f1d7e (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/sound/soc/codecs/ |
| H A D | wm2000.c | c83f1d7e Mon Jan 23 15:28:44 CST 2012 Jesper Juhl <jj@chaosbits.net> ASoC: wm2000: Fix use-after-free - don't release_firmware() twice on error
In wm2000_i2c_probe(), if we take the true branch in
"
ret = snd_soc_register_codec(&i2c->dev, &soc_codec_dev_wm2000,
NULL, 0);
if (ret != 0)
goto err_fw;
"
then we'll release_firmware(fw) at the 'err_fw' label. But we've already
done that just a few lines above. That's a use-after-free bug.
This patch restructures the code so that we always call
release_firmware(fw) before leaving the function, but only ever call
it once.
This means that we have to initialize 'fw' to NULL since some paths
may now end up calling it without having called request_firmware(),
but since request_firmware() deals gracefully with NULL pointers, we
are fine if we just NULL initialize it.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
c83f1d7e Mon Jan 23 15:28:44 CST 2012 Jesper Juhl <jj@chaosbits.net> ASoC: wm2000: Fix use-after-free - don't release_firmware() twice on error
In wm2000_i2c_probe(), if we take the true branch in
"
ret = snd_soc_register_codec(&i2c->dev, &soc_codec_dev_wm2000,
NULL, 0);
if (ret != 0)
goto err_fw;
"
then we'll release_firmware(fw) at the 'err_fw' label. But we've already
done that just a few lines above. That's a use-after-free bug.
This patch restructures the code so that we always call
release_firmware(fw) before leaving the function, but only ever call
it once.
This means that we have to initialize 'fw' to NULL since some paths
may now end up calling it without having called request_firmware(),
but since request_firmware() deals gracefully with NULL pointers, we
are fine if we just NULL initialize it.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
|