alsa/0008-pcm_hw-Fix-buffer-overflow-in-chmap.patch

From c91785e002b96afad344a8ab182e8d33e355b7f7 Mon Sep 17 00:00:00 2001
From: David Henningsson <david.henningsson@canonical.com>
Date: Mon, 10 Jun 2013 16:42:47 +0200
Subject: [PATCH] pcm_hw: Fix buffer overflow in chmap

We can't calculate memory storage in bytes, when we're supposed
to store ints in it!

Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
---
 src/pcm/pcm_hw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pcm/pcm_hw.c b/src/pcm/pcm_hw.c
index 196393d..9ff83a9 100644
--- a/src/pcm/pcm_hw.c
+++ b/src/pcm/pcm_hw.c
@@ -1187,7 +1187,7 @@ static snd_pcm_chmap_t *snd_pcm_hw_get_chmap(snd_pcm_t *pcm)
 		       snd_pcm_state_name(FAST_PCM_STATE(hw)));
 		return NULL;
 	}
-	map = malloc(pcm->channels + 1);
+	map = malloc(pcm->channels * sizeof(map->pos[0]) + sizeof(*map));
 	if (!map)
 		return NULL;
 	map->channels = pcm->channels;
-- 
1.8.3