diff mbox

[1/1] ASoC: Intel: Atom: add a missing star in a memcpy call

Message ID 1472408231.26978.98.camel@perches.com (mailing list archive)
State New, archived
Headers show

Commit Message

Joe Perches Aug. 28, 2016, 6:17 p.m. UTC 
On Sun, 2016-08-28 at 19:39 +0200, Nicolas Iooss wrote:
> In sst_prepare_and_post_msg(), when a response is received in "block",
> the following code gets executed:
> 
>     *data = kzalloc(block->size, GFP_KERNEL);
>     memcpy(data, (void *) block->data, block->size);
> 
> The memcpy() call overwrites the content of the *data pointer instead of
> filling the newly-allocated memory (which pointer is hold by *data).
> Fix this by using *data in the memcpy() call.
> 
> Fixes: 60dc8dbacb00 ("ASoC: Intel: sst: Add some helper functions")
> Cc: stable@vger.kernel.org # 3.19.x
> Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
> ---
>  sound/soc/intel/atom/sst/sst_pvt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/sound/soc/intel/atom/sst/sst_pvt.c b/sound/soc/intel/atom/sst/sst_pvt.c
> index adb32fefd693..7c398b7c9d4b 100644
> --- a/sound/soc/intel/atom/sst/sst_pvt.c
> +++ b/sound/soc/intel/atom/sst/sst_pvt.c
> @@ -289,7 +289,7 @@ int sst_prepare_and_post_msg(struct intel_sst_drv *sst,
>  				ret = -ENOMEM;
>  				goto out;
>  			} else
> -				memcpy(data, (void *) block->data, block->size);
> +				memcpy(*data, (void *) block->data, block->size);
>  		}
>  	}
>  out:

Perhaps this would be nicer using kmemdup too
---
 sound/soc/intel/atom/sst/sst_pvt.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

Comments

Nicolas Iooss Aug. 28, 2016, 6:31 p.m. UTC | #1 
On 28/08/16 20:17, Joe Perches wrote:
> On Sun, 2016-08-28 at 19:39 +0200, Nicolas Iooss wrote:
>> In sst_prepare_and_post_msg(), when a response is received in "block",
>> the following code gets executed:
>>
>>     *data = kzalloc(block->size, GFP_KERNEL);
>>     memcpy(data, (void *) block->data, block->size);
>>
>> The memcpy() call overwrites the content of the *data pointer instead of
>> filling the newly-allocated memory (which pointer is hold by *data).
>> Fix this by using *data in the memcpy() call.
>>
>> Fixes: 60dc8dbacb00 ("ASoC: Intel: sst: Add some helper functions")
>> Cc: stable@vger.kernel.org # 3.19.x
>> Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
>> ---
>>  sound/soc/intel/atom/sst/sst_pvt.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/sound/soc/intel/atom/sst/sst_pvt.c b/sound/soc/intel/atom/sst/sst_pvt.c
>> index adb32fefd693..7c398b7c9d4b 100644
>> --- a/sound/soc/intel/atom/sst/sst_pvt.c
>> +++ b/sound/soc/intel/atom/sst/sst_pvt.c
>> @@ -289,7 +289,7 @@ int sst_prepare_and_post_msg(struct intel_sst_drv *sst,
>>  				ret = -ENOMEM;
>>  				goto out;
>>  			} else
>> -				memcpy(data, (void *) block->data, block->size);
>> +				memcpy(*data, (void *) block->data, block->size);
>>  		}
>>  	}
>>  out:
> 
> Perhaps this would be nicer using kmemdup too

Thanks for your quick reply! I agree using kmemdup looks nicer here and
your patch looks good. I will send a v2 once I compile-tested it.

Nicolas
diff mbox

Patch

diff --git a/sound/soc/intel/atom/sst/sst_pvt.c b/sound/soc/intel/atom/sst/sst_pvt.c
index adb32fe..b1e6b8f 100644
--- a/sound/soc/intel/atom/sst/sst_pvt.c
+++ b/sound/soc/intel/atom/sst/sst_pvt.c
@@ -279,17 +279,15 @@  int sst_prepare_and_post_msg(struct intel_sst_drv *sst,
 
 	if (response) {
 		ret = sst_wait_timeout(sst, block);
-		if (ret < 0) {
+		if (ret < 0)
 			goto out;
-		} else if(block->data) {
-			if (!data)
-				goto out;
-			*data = kzalloc(block->size, GFP_KERNEL);
-			if (!(*data)) {
+
+		if (data && block->data) {
+			*data = kmemdup(block->data, block->size, GFP_KERNEL);
+			if (!*data) {
 				ret = -ENOMEM;
 				goto out;
-			} else
-				memcpy(data, (void *) block->data, block->size);
+			}
 		}
 	}
 out: