From 09c74a9d0b0bedff16d0881db8cc0054a5e34f47 Mon Sep 17 00:00:00 2001 From: Dimitris Papastamos Date: Mon, 29 Nov 2010 11:43:33 +0000 Subject: [PATCH] ASoC: soc-cache: Fix memory overflow in LZO initialization The bitmap_zero() nbits argument was improperly set to reg_size but the underlying buffer was bmp_size long. This caused the memset to zero past the end of the allocated buffer and into the kernel heap causing strange kernel crashes sometimes by overwriting critical kernel structures. Signed-off-by: Dimitris Papastamos Acked-by: Liam Girdwood Signed-off-by: Mark Brown --- sound/soc/soc-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c index 9b1ba33e6fe9..514398463f7d 100644 --- a/sound/soc/soc-cache.c +++ b/sound/soc/soc-cache.c @@ -1348,7 +1348,7 @@ static int snd_soc_lzo_cache_init(struct snd_soc_codec *codec) ret = -ENOMEM; goto err; } - bitmap_zero(sync_bmp, reg_size); + bitmap_zero(sync_bmp, bmp_size); /* allocate the lzo blocks and initialize them */ for (i = 0; i < blkcount; ++i) {