From 1ac965184eaefe503939e454273223a1d8d32f41 Mon Sep 17 00:00:00 2001 From: Piotr Maziarz Date: Mon, 31 Aug 2020 11:08:54 +0200 Subject: [PATCH] topology: decode: Fix channel map memory allocation MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Memory allocated on the stack was referenced outside of the function scope caused undefined behaviour. Signed-off-by: Piotr Maziarz Reviewed-by: Cezary Rojewski Reviewed-by: Amadeusz Sławiński Reviewed-by: Pierre-Louis Bossart Signed-off-by: Jaroslav Kysela --- src/topology/ctl.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/topology/ctl.c b/src/topology/ctl.c index 90241b63..6e6c1d16 100644 --- a/src/topology/ctl.c +++ b/src/topology/ctl.c @@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, void *bin, size_t size) { struct snd_soc_tplg_enum_control *ec = bin; - struct snd_tplg_channel_map_template cmt; int i; if (size < sizeof(*ec)) { @@ -1375,11 +1374,13 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg, } } - et->map = &cmt; - memset(&cmt, 0, sizeof(cmt)); - cmt.num_channels = ec->num_channels; - for (i = 0; i < cmt.num_channels; i++) { - struct snd_tplg_channel_elem *channel = &cmt.channel[i]; + et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template)); + if (!et->map) + return -ENOMEM; + et->map->num_channels = ec->num_channels; + for (i = 0; i < et->map->num_channels; i++) { + struct snd_tplg_channel_elem *channel = &et->map->channel[i]; + tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec), "enum: channel size %d", ec->channel[i].size); channel->reg = ec->channel[i].reg; -- 2.47.1