topology: decode: Fix channel map memory allocation

Memory allocated on the stack was referenced outside of the function scope
caused undefined behaviour.

Signed-off-by: Piotr Maziarz <piotrx.maziarz@linux.intel.com>
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>

diff --git a/src/topology/ctl.c b/src/topology/ctl.c
index 90241b6..6e6c1d1 100644 (file)
--- a/src/topology/ctl.c
+++ b/src/topology/ctl.c
@@ -1330,7 +1330,6 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg,
                              void *bin, size_t size)
 {
        struct snd_soc_tplg_enum_control *ec = bin;
-       struct snd_tplg_channel_map_template cmt;
        int i;
 
        if (size < sizeof(*ec)) {
@@ -1375,11 +1374,13 @@ int tplg_decode_control_enum1(snd_tplg_t *tplg,
                }
        }
 
-       et->map = &cmt;
-       memset(&cmt, 0, sizeof(cmt));
-       cmt.num_channels = ec->num_channels;
-       for (i = 0; i < cmt.num_channels; i++) {
-               struct snd_tplg_channel_elem *channel = &cmt.channel[i];
+       et->map = tplg_calloc(heap, sizeof(struct snd_tplg_channel_map_template));
+       if (!et->map)
+               return -ENOMEM;
+       et->map->num_channels = ec->num_channels;
+       for (i = 0; i < et->map->num_channels; i++) {
+               struct snd_tplg_channel_elem *channel = &et->map->channel[i];
+
                tplg_log(tplg, 'D', pos + ((void *)&ec->channel[i] - (void *)ec),
                         "enum: channel size %d", ec->channel[i].size);
                channel->reg = ec->channel[i].reg;