tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

ASoC: sma1307: fix double free of devm_kzalloc() memory

A previous change added NULL checks and cleanup for allocation
failures in sma1307_setting_loaded().

However, the cleanup for mode_set entries is wrong. Those entries are
allocated with devm_kzalloc(), so they are device-managed resources and
must not be freed with kfree(). Manually freeing them in the error path
can lead to a double free when devres later releases the same memory.

Drop the manual kfree() loop and let devres handle the cleanup.

Fixes: 0ec6bd16705fe ("ASoC: sma1307: Add NULL check in sma1307_setting_loaded()")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
Link: https://patch.msgid.link/20260313040611.391479-1-lgs201920130244@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>

authored by

Guangshuo Li and committed by
Mark Brown fe757092 f338e773

+4 -2
+4 -2
sound/soc/codecs/sma1307.c
··· 1759 1759 sma1307->set.mode_size * 2 * sizeof(int), 1760 1760 GFP_KERNEL); 1761 1761 if (!sma1307->set.mode_set[i]) { 1762 - for (int j = 0; j < i; j++) 1763 - kfree(sma1307->set.mode_set[j]); 1762 + for (int j = 0; j < i; j++) { 1763 + devm_kfree(sma1307->dev, sma1307->set.mode_set[j]); 1764 + sma1307->set.mode_set[j] = NULL; 1765 + } 1764 1766 sma1307->set.status = false; 1765 1767 return; 1766 1768 }