ASoC: dapm: fix use-after-free issue with dailink sname
authorPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Fri, 1 Feb 2019 17:05:12 +0000 (11:05 -0600)
committerMark Brown <broonie@kernel.org>
Sat, 2 Feb 2019 16:13:09 +0000 (17:13 +0100)
commit199ed3e81c49a621ce6fcb630ab9f30d92db6718
tree9b0e819eddbf9869c13923d475a7d8aa78ecac81
parent4bd8597dc36c376a2bb1ef2c72984615bdeb68de
ASoC: dapm: fix use-after-free issue with dailink sname

Commit 7620fe9161ce ("ASoC: topology: fix memory leak in
soc_tplg_dapm_widget_create") fixed a memory leak issue, but
additional tests and KASAN reports show a use-after-free in soc-dapm.

The widgets are created with a kmemdup operating on a template. The
"name" string is also duplicated, but the "sname" string is not. As a
result, when the template is freed after widget creation, its sname
string is still used.

Fix by explicitly duplicating the "sname" string, and freeing it when
required.

Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/soc-dapm.c