snd_device_name_hint() corrupts the config name space after its call.
This results in the error from the suceeding calls of snd_pcm_open()
after snd_device_name_hint().
The bug is in try_config() in namehint.c; it calls snd_config_delete(res)
but res can be two different objects in the function. One is the object
obtained via snd_config_search_definition(), and another is the one from
snd_config_search_alias_hooks(). The former is the expanded objects,
thus it should be freed. But, the latter is a reference, and must not be
freed.
This patch adds the check to free or not.
Reported-by: John Lindgren <john.lindgren@tds.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
const char *str;
int err = 0, level;
long dev = list->device;
+ int cleanup_res = 0;
list->device_input = -1;
list->device_output = -1;
snd_lib_error_set_handler(eh);
if (err < 0)
goto __skip_add;
+ cleanup_res = 1;
err = -EINVAL;
if (snd_config_get_type(res) != SND_CONFIG_TYPE_COMPOUND)
goto __cleanup;
goto __hint;
snd_config_delete(res);
res = NULL;
+ cleanup_res = 0;
if (strchr(buf, ':') != NULL)
goto __ok;
/* find, if all parameters have a default, */
err = hint_list_add(list, buf, buf1);
}
__skip_add:
- if (res)
+ if (res && cleanup_res)
snd_config_delete(res);
if (buf1)
free(buf1);
git://git.alsa-project.org / alsa-lib.git / commitdiff