ASoC: soc-cache: Fix memory overflow in LZO initialization

The bitmap_zero() nbits argument was improperly set to reg_size but the underlying buffer was bmp_size long. This caused the memset to zero past the end of the allocated buffer and into the kernel heap causing strange kernel crashes sometimes by overwriting critical kernel structures. Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com> Acked-by: Liam Girdwood <lrg@slimlogic.co.uk> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>

ASoC: soc-cache: Fix memory overflow in LZO initialization
The bitmap_zero() nbits argument was improperly set to reg_size but the underlying buffer was bmp_size long. This caused the memset to zero past the end of the allocated buffer and into the kernel heap causing strange kernel crashes sometimes by overwriting critical kernel structures. Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com> Acked-by: Liam Girdwood <lrg@slimlogic.co.uk> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
09c74a9d · Dimitris Papastamos · Mark Brown · dfa7c70b · 09c74a9d
Commit 09c74a9d authored Nov 29, 2010 by Dimitris Papastamos Committed by Mark Brown Nov 30, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

sound/soc/soc-cache.c sound/soc/soc-cache.c +1 -1

No files found.
--- a/sound/soc/soc-cache.c
+++ b/sound/soc/soc-cache.c
@@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec)
 		ret = -ENOMEM;
 		goto err;
 	}
-	bitmap_zero(sync_bmp, reg_size);
+	bitmap_zero(sync_bmp, bmp_size);

 	/* allocate the lzo blocks and initialize them */
 	for (i = 0; i < blkcount; ++i) {