Function snd_pcm_create() will return a negative number when it fails to create a new PCM instance, thus its return value shall be checked before further manipulations of the created PCM. But in function lx_pcm_create(), at sound/pci/lx6464es/lx6464es.c:839, there is no checking of the return value of lx_pcm_create() at line 853, which may trigger an invalid memmory access error when dereferencing variable pcm at line 856.
The related codes in lx_pcm_create() are as following.
853 err = snd_pcm_new(chip->card, (char *)card_name, 0,
854 1, 1, &pcm);
856 pcm->private_data = chip;
Generally, the return value of snd_pcm_create() shall be checked to make sure that the PCM instance is create successfully. Like the following codes from the same device driver.
2225 err = snd_pcm_new(chip->card, "AZF3328 DSP", AZF_PCMDEV_STD,
2226 1, 1, &pcm);
2227 if (err < 0)
2228 return err;
2229 snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
I am sorry to trouble, but I want to make sure whether this a real bug or a false positive.
This does look like a bug in the lx6464es.c sound driver. If you'd like to fix it, you can try sending a patch to Jaroslav Kysela <email@example.com> and Takashi Iwai <firstname.lastname@example.org> (maintainers of the sound system).
Yes, it looks like a real bug. I fixed now in sound git tree.
A patch referencing this bug report has been merged in Linux v3.6-rc3:
Author: Takashi Iwai <email@example.com>
Date: Tue Aug 14 17:42:11 2012 +0200
ALSA: lx6464es: Add a missing error check