ALSA: 6fire: Fix double-free bug in usb6fire_fw_ezusb_upload()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We have a double-free bug in
sound/usb/6fire/firmware.c::usb6fire_fw_ezusb_upload().
We already call release_firmware(fw) on line 258, so when we then do it
again after usb6fire_fw_ezusb_write() returns <0, we have a double-free.
Easily fixed by just removing the last call to release_firmware().

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

authored by

Jesper Juhl and committed by

Takashi Iwai 15 years ago 37f7ec38 2308f4ad

-1

1 changed file

expand all

sound

usb

6fire

firmware.c

-1

sound/usb/6fire/firmware.c

··· 270 270 data = 0x00; /* resume ezusb cpu */ 271 271 ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); 272 272 if (ret < 0) { 273 - release_firmware(fw); 274 273 snd_printk(KERN_ERR PREFIX "unable to upload ezusb " 275 274 "firmware %s: end message.\n", fwname); 276 275 return ret;