745b477c70
When the device descriptor is closed, the `substream->runtime` pointer is freed. But another thread may be in the ioctl handler, case SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which calls snd_pcm_info() which accesses the now freed `substream->runtime`. Bug: 36006981 Signed-off-by: Robb Glasser <rglasser@google.com> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> Change-Id: I445d24bc21dc0af6d9522a8daabe64969042236a |
||
|---|---|---|
| .. | ||
| oss | ||
| seq | ||
| Kconfig | ||
| Makefile | ||
| compress_offload.c | ||
| control.c | ||
| control_compat.c | ||
| ctljack.c | ||
| device.c | ||
| hrtimer.c | ||
| hwdep.c | ||
| hwdep_compat.c | ||
| info.c | ||
| info_oss.c | ||
| init.c | ||
| isadma.c | ||
| jack.c | ||
| memalloc.c | ||
| memory.c | ||
| misc.c | ||
| pcm.c | ||
| pcm_compat.c | ||
| pcm_lib.c | ||
| pcm_memory.c | ||
| pcm_misc.c | ||
| pcm_native.c | ||
| pcm_timer.c | ||
| rawmidi.c | ||
| rawmidi_compat.c | ||
| rtctimer.c | ||
| sgbuf.c | ||
| sound.c | ||
| sound_oss.c | ||
| timer.c | ||
| timer_compat.c | ||
| vmaster.c | ||