projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1438c2f)
ASoC: Fix use after free
authorLars-Peter Clausen <lars@metafoo.de>
Wed, 12 Mar 2014 07:34:39 +0000 (08:34 +0100)
committerMark Brown <broonie@linaro.org>
Wed, 12 Mar 2014 12:06:57 +0000 (12:06 +0000)
Freeing the current list element while iterating over the list will cause a use
after free since the iterator function will still use the current element to
look up the next. Use list_for_each_safe() and remove the element from the list
before freeing it to avoid this.

Fixes: 1438c2f60b ("ASoC: Add a per component dai list")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
sound/soc/soc-core.c patch | blob | blame | history

diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index f34f1a01fce1c34d066ba5116c50da42e02ae4ab..a78bba4d52fb91bdc8e982af634ffcf03dca2318 100644 (file)
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3913,11 +3913,12 @@ static inline char *fmt_multiple_name(struct device *dev,
  */
 static void snd_soc_unregister_dais(struct snd_soc_component *component)
 {
-       struct snd_soc_dai *dai;
+       struct snd_soc_dai *dai, *_dai;
 
-       list_for_each_entry(dai, &component->dai_list, list) {
+       list_for_each_entry_safe(dai, _dai, &component->dai_list, list) {
                dev_dbg(component->dev, "ASoC: Unregistered DAI '%s'\n",
                        dai->name);
+               list_del(&dai->list);
                kfree(dai->name);
                kfree(dai);
        }