Commit 37f7ec38ea5c31180461f82e895e13fdd549b595
Committed by Takashi Iwai
1 parent 2308f4add3
Exists in master and in 4 other branches
ALSA: 6fire: Fix double-free bug in usb6fire_fw_ezusb_upload()
We have a double-free bug in sound/usb/6fire/firmware.c::usb6fire_fw_ezusb_upload(). We already call release_firmware(fw) on line 258, so when we then do it again after usb6fire_fw_ezusb_write() returns <0, we have a double-free. Easily fixed by just removing the last call to release_firmware().

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Showing 1 changed file with 0 additions and 1 deletions
sound/usb/6fire/firmware.c
... | ... | @@ -270,7 +270,6 @@ |
270 | 270 | data = 0x00; /* resume ezusb cpu */ |
271 | 271 | ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); |
272 | 272 | if (ret < 0) { |
273 | - release_firmware(fw); | |
274 | 273 | snd_printk(KERN_ERR PREFIX "unable to upload ezusb " |
275 | 274 | "firmware %s: end message.\n", fwname); |
276 | 275 | return ret; |
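Review bot: In the `if (ret < 0)` branch at line 272, dropping `release_firmware(fw)` is only correct if the earlier release the commit message cites (line 258) runs on every path that reaches this point, and that line is outside the visible context. Worth confirming that, and that no other error return after it still calls `release_firmware(fw)`. A single cleanup label with one release call would make this kind of double free harder to reintroduce. The remaining `snd_printk` uses only `fwname`, and `ret` is returned unchanged, so the error reporting on this path is not affected by the removal.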