mirrors/alsa-lib
1
0
Fork 0
mirror of https://github.com/alsa-project/alsa-lib.git synced 2026-03-29 07:57:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

topology: decoder: fix wrong sizeof for enum control allocation in dapm

Browse source 
The tplg_calloc() call for enum control in the dapm widget kcontrol
decode loop used sizeof(*mt) (mixer template) instead of sizeof(*et)
(enum template). On 64-bit systems, snd_tplg_mixer_template is 72 bytes
while snd_tplg_enum_template is 80 bytes, causing an 8-byte heap buffer
overflow when the enum fields (texts, values pointers) were written past
the allocated block. This resulted in heap corruption and e.g. glibc
malloc hit an assert.

Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
This commit is contained in:
Kai Vehmanen 2026-03-23 17:10:33 +02:00
parent 62c24074ae
commit af49eb1d31
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/topology/dapm.c
View file

@ -983,7 +983,7 @@ next:
bin, size2);
break;
case SND_SOC_TPLG_TYPE_ENUM:
et = tplg_calloc(&heap, sizeof(*mt));
et = tplg_calloc(&heap, sizeof(*et));
if (et == NULL) {
err = -ENOMEM;
goto retval;