diff options
| author | Dimitris Papastamos <dp@opensource.wolfsonmicro.com> | 2010-11-29 06:43:33 -0500 |
|---|---|---|
| committer | Mark Brown <broonie@opensource.wolfsonmicro.com> | 2010-11-30 07:51:51 -0500 |
| commit | 09c74a9d0b0bedff16d0881db8cc0054a5e34f47 (patch) | |
| tree | 0020dcbe3ddbeefb3540ba1571075a5783d33da7 | |
| parent | dfa7c70b04bb20df7936018c737014655bf92d09 (diff) | |
ASoC: soc-cache: Fix memory overflow in LZO initialization
The bitmap_zero() nbits argument was improperly set to reg_size
but the underlying buffer was bmp_size long. This caused the memset
to zero past the end of the allocated buffer and into the kernel heap
causing strange kernel crashes sometimes by overwriting critical
kernel structures.
Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
| -rw-r--r-- | sound/soc/soc-cache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c index 9b1ba33e6fe9..514398463f7d 100644 --- a/sound/soc/soc-cache.c +++ b/sound/soc/soc-cache.c | |||
| @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec) | |||
| 1348 | ret = -ENOMEM; | 1348 | ret = -ENOMEM; |
| 1349 | goto err; | 1349 | goto err; |
| 1350 | } | 1350 | } |
| 1351 | bitmap_zero(sync_bmp, reg_size); | 1351 | bitmap_zero(sync_bmp, bmp_size); |
| 1352 | 1352 | ||
| 1353 | /* allocate the lzo blocks and initialize them */ | 1353 | /* allocate the lzo blocks and initialize them */ |
| 1354 | for (i = 0; i < blkcount; ++i) { | 1354 | for (i = 0; i < blkcount; ++i) { |