Takashi Iwai
2d37bad8df
- Backport upstream fixes: yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in UCM (bsc#1181194): 0004-topology-use-inclusive-language-for-bclk.patch 0005-topology-use-inclusive-language-for-fsync.patch 0006-topology-use-inclusive-language-in-documentation.patch 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch 0038-topology-parse_tuple_set-remove-dead-condition-code.patch 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch OBS-URL: https://build.opensuse.org/request/show/865334 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/alsa?expand=0&rev=292
32 lines
947 B
Diff
32 lines
947 B
Diff
From 3f63dc26445ae7c215e48a57af83b6da325f166d Mon Sep 17 00:00:00 2001
|
|
From: Jaroslav Kysela <perex@perex.cz>
|
|
Date: Thu, 7 Jan 2021 17:41:38 +0100
|
|
Subject: [PATCH 39/44] ucm: uc_mgr_substitute_tree() fix use after free
|
|
|
|
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
|
---
|
|
src/ucm/ucm_subs.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/ucm/ucm_subs.c b/src/ucm/ucm_subs.c
|
|
index f608bb0955a6..df6d736fc820 100644
|
|
--- a/src/ucm/ucm_subs.c
|
|
+++ b/src/ucm/ucm_subs.c
|
|
@@ -417,11 +417,12 @@ int uc_mgr_substitute_tree(snd_use_case_mgr_t *uc_mgr, snd_config_t *node)
|
|
if (err < 0)
|
|
return err;
|
|
err = snd_config_set_id(node, s);
|
|
- free(s);
|
|
if (err < 0) {
|
|
uc_error("unable to set substituted id '%s' (old id '%s')", s, id);
|
|
+ free(s);
|
|
return err;
|
|
}
|
|
+ free(s);
|
|
}
|
|
if (snd_config_get_type(node) != SND_CONFIG_TYPE_COMPOUND) {
|
|
if (snd_config_get_type(node) == SND_CONFIG_TYPE_STRING) {
|
|
--
|
|
2.26.2
|
|
|