11 Apr
2022
11 Apr
'22
8:35 p.m.
On Sun, 3 Apr 2022 at 04:39, Andrew Scull ascull@google.com wrote:
Data is written for each channel but is only tracked as having one channel written. This resulted in a buffer overflow and corruption of the allocator's metadata which caused further problems when the buffer was later freed. This could be observed with sandbox unit tests.
Resolve the overflow by tracking the writes for each channel.
Fixes: f987177db9 ("dm: sound: Use the correct number of channels for sound") Signed-off-by: Andrew Scull ascull@google.com Cc: Simon Glass sjg@chromium.org
drivers/sound/sound.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org