Re: [PATCH 3.13 110/149] ASoC: pcm: free path list before exiting from error conditions

[Ben Hutchings]

On Thu, 2014-03-20 at 17:04 -0700, Greg Kroah-Hartman wrote:
> 3.13-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Patrick Lai <plai@xxxxxxxxxxxxxx>
> 
> commit e4ad1accb28d0ed8cea6f12395d58686ad344ca7 upstream.
> 
> dpcm_path_get() allocates dynamic memory to hold path list.
> Corresponding dpcm_path_put() must be called to free the memory.
> dpcm_path_put() is not called under several error conditions.
> This leads to memory leak.

This is broken.  dpcm_path_get() may return -ENOMEM and not initialise
the list at all.

If snd_soc_dapm_dai_get_connected_widgets() can fail (I don't think it
can) then dpcm_path_get() should be responsible for freeing the list
before returning.

[...]
> --- a/sound/soc/soc-pcm.c
> +++ b/sound/soc/soc-pcm.c
[...]
> @@ -1979,6 +1981,7 @@ static int dpcm_fe_dai_open(struct snd_p
>  	fe->dpcm[stream].runtime = fe_substream->runtime;
>  
>  	if (dpcm_path_get(fe, stream, &list) <= 0) {
> +		dpcm_path_put(&list);

This is the one place where a memory leak seems to be possible, but the
< 0 and == 0 cases need to be distinguished.

Greg, please drop this until it is fixed properly upstream.

Ben.

>  		dev_dbg(fe->dev, "ASoC: %s no valid %s route\n",
>  			fe->dai_link->name, stream ? "capture" : "playback");
>  	}

-- 
Ben Hutchings
I'm not a reverse psychological virus.  Please don't copy me into your sig.

Attachment: signature.asc
Description: This is a digitally signed message part