From f5e2199ae574245b56b32e047c93625a28fe3b3a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 15 Feb 2017 02:15:44 +0300 Subject: staging: bcm2835-audio: allocate enough data for work queues We accidentally allocate sizeof(void *) bytes instead of 112 bytes. It results in memory corruption. Fixes: 23b028c871e1 ("staging: bcm2835-audio: initial staging submission") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/bcm2835-audio/bcm2835-vchiq.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'drivers/staging/bcm2835-audio') diff --git a/drivers/staging/bcm2835-audio/bcm2835-vchiq.c b/drivers/staging/bcm2835-audio/bcm2835-vchiq.c index af0cd0b36bc5..fa23a13f8d95 100644 --- a/drivers/staging/bcm2835-audio/bcm2835-vchiq.c +++ b/drivers/staging/bcm2835-audio/bcm2835-vchiq.c @@ -135,8 +135,9 @@ int bcm2835_audio_start(struct bcm2835_alsa_stream *alsa_stream) LOG_DBG(" .. IN\n"); if (alsa_stream->my_wq) { - struct bcm2835_audio_work *work = - kmalloc(sizeof(struct bcm2835_audio_work *), GFP_ATOMIC); + struct bcm2835_audio_work *work; + + work = kmalloc(sizeof(*work), GFP_ATOMIC); /*--- Queue some work (item 1) ---*/ if (work) { INIT_WORK(&work->my_work, my_wq_function); @@ -157,8 +158,9 @@ int bcm2835_audio_stop(struct bcm2835_alsa_stream *alsa_stream) LOG_DBG(" .. IN\n"); if (alsa_stream->my_wq) { - struct bcm2835_audio_work *work = - kmalloc(sizeof(struct bcm2835_audio_work *), GFP_ATOMIC); + struct bcm2835_audio_work *work; + + work = kmalloc(sizeof(*work), GFP_ATOMIC); /*--- Queue some work (item 1) ---*/ if (work) { INIT_WORK(&work->my_work, my_wq_function); @@ -180,8 +182,9 @@ int bcm2835_audio_write(struct bcm2835_alsa_stream *alsa_stream, LOG_DBG(" .. IN\n"); if (alsa_stream->my_wq) { - struct bcm2835_audio_work *work = - kmalloc(sizeof(struct bcm2835_audio_work *), GFP_ATOMIC); + struct bcm2835_audio_work *work; + + work = kmalloc(sizeof(*work), GFP_ATOMIC); /*--- Queue some work (item 1) ---*/ if (work) { INIT_WORK(&work->my_work, my_wq_function); -- cgit v1.2.3