From: Akinobu Mita Date: Thu, 23 Nov 2006 11:03:24 +0000 (+0100) Subject: [ALSA] sound: fix PCM substream list X-Git-Tag: firefly_0821_release~31826^2~5 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4d361285925613516560f81f8c7fc96b89c8b1a8;p=firefly-linux-kernel-4.4.55.git [ALSA] sound: fix PCM substream list If snd_pcm_new_stream() fails to initalize a substream (if snd_pcm_substream_proc_init() returns error), snd_pcm_new_stream() immediately return without unlinking that kfree()d substram. It causes oops when snd_pcm_free() iterates the list of substream to free them by invalid reference. Signed-off-by: Akinobu Mita Signed-off-by: Takashi Iwai Signed-off-by: Jaroslav Kysela --- diff --git a/sound/core/pcm.c b/sound/core/pcm.c index 5ac6e19ccb41..8e0189885516 100644 --- a/sound/core/pcm.c +++ b/sound/core/pcm.c @@ -640,6 +640,10 @@ int snd_pcm_new_stream(struct snd_pcm *pcm, int stream, int substream_count) err = snd_pcm_substream_proc_init(substream); if (err < 0) { snd_printk(KERN_ERR "Error in snd_pcm_stream_proc_init\n"); + if (prev == NULL) + pstr->substream = NULL; + else + prev->next = NULL; kfree(substream); return err; }