
Commit 923e3da9 authored by Aditya Bavanari's avatar Aditya Bavanari

ASoC: msm: qdsp6v2: Fix dangling pointer access



Fix access of a dangling pointer by assigning it to NULL.

CRs-Fixed: 2096407
Change-Id: I22c1d55ea611ac59cdca51924787f6831bad8c2b
Signed-off-by: default avatarAditya Bavanari <abavanar@codeaurora.org>
parent 38df4984
+11 −11
@@ -3368,6 +3368,15 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
	int bytes_to_alloc, rc;
	size_t len;

	mutex_lock(&ac->cmd_lock);

	if (ac->port[dir].buf) {
		pr_err("%s: Buffer already allocated\n", __func__);
		rc = -EINVAL;
		mutex_unlock(&ac->cmd_lock);
		goto done;
	}

	buf_circ = kzalloc(sizeof(struct audio_buffer), GFP_KERNEL);

	if (!buf_circ) {
@@ -3375,10 +3384,6 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
		goto done;
	}

	mutex_lock(&ac->cmd_lock);

	ac->port[dir].buf = buf_circ;

	bytes_to_alloc = bufsz * bufcnt;
	bytes_to_alloc = PAGE_ALIGN(bytes_to_alloc);

@@ -3390,11 +3395,12 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
	if (rc) {
		pr_err("%s: Audio ION alloc is failed, rc = %d\n", __func__,
				rc);
		mutex_unlock(&ac->cmd_lock);
		kfree(buf_circ);
		mutex_unlock(&ac->cmd_lock);
		goto done;
	}

	ac->port[dir].buf = buf_circ;
	buf_circ->used = dir ^ 1;
	buf_circ->size = bytes_to_alloc;
	buf_circ->actual_size = bytes_to_alloc;
@@ -3559,12 +3565,6 @@ int q6asm_open_shared_io(struct audio_client *ac,
		goto done;
	}

	if (ac->port[dir].buf) {
		pr_err("%s: Buffer already allocated\n", __func__);
		rc = -EINVAL;
		goto done;
	}

	rc = q6asm_set_shared_circ_buff(ac, open, bufsz, bufcnt, dir);

	if (rc)
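Review bot: In q6asm_set_shared_circ_buff the `if (!buf_circ)` failure branch now runs with `ac->cmd_lock` held, because the commit moves `mutex_lock(&ac->cmd_lock)` above the `kzalloc()` call, yet the branch still ends in a bare `goto done;`. The one line of that branch that falls between the first two hunks is unchanged by the commit, and the other error paths unlock before jumping to `done`, so the label presumably does not release the mutex and an allocation failure would leave it locked for every later caller on this audio client. Add `mutex_unlock(&ac->cmd_lock);` immediately before that `goto done;`. The function's start and its `done:` label are outside the visible hunks, so confirm this against the full file.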