On 2025-09-18 3:56 PM, Guangshuo Li wrote:
kcalloc() may fail. avs_path_set_constraint() writes to rlist[i], clist[i], and slist[i] unconditionally, which can cause a NULL pointer dereference under low-memory conditions.
Add checks for the three kcalloc() calls. If any allocation fails, free any previously allocated lists and return -ENOMEM.
Fixes: f2f847461fb7 ("ASoC: Intel: avs: Constrain path based on BE capabilities") Cc: stable@vger.kernel.org Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
sound/soc/intel/avs/path.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/sound/soc/intel/avs/path.c b/sound/soc/intel/avs/path.c index cafb8c6198be..cb641d37d565 100644 --- a/sound/soc/intel/avs/path.c +++ b/sound/soc/intel/avs/path.c @@ -135,6 +135,9 @@ int avs_path_set_constraint(struct avs_dev *adev, struct avs_tplg_path_template clist = kcalloc(i, sizeof(clist), GFP_KERNEL); slist = kcalloc(i, sizeof(slist), GFP_KERNEL);
- if (!rlist || !clist || !slist)
return -ENOMEM;- i = 0; list_for_each_entry(path_template, &template->path_list, node) { struct avs_tplg_pipeline *pipeline_template;
Hi,
Something isn't right here. The code is supposed to be already there, please see one of the series [1] I've sent earlier this year. Perhaps you're working with an older version of the kernel?
[1]: https://lore.kernel.org/all/20250530141025.2942936-7-cezary.rojewski@intel.c...
Kind regards, Czarek