On 29/06/2022 19:25, Jianglei Nie wrote:
q6apm_get_audioreach_graph() allocates a memory chunk for graph->graph
with audioreach_alloc_graph_pkt(). When idr_alloc() fails, graph->graph
is not released, which will lead to a memory leak.
We can release the graph->graph with kfree() when idr_alloc() fails to
fix the memory leak.
thanks for catching this, wondering did you hit this bug while testing
or was it a some tooling that discovered this bug?
Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
---
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxx>
sound/soc/qcom/qdsp6/q6apm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/qcom/qdsp6/q6apm.c b/sound/soc/qcom/qdsp6/q6apm.c
index f424d7aa389a..794019286c70 100644
--- a/sound/soc/qcom/qdsp6/q6apm.c
+++ b/sound/soc/qcom/qdsp6/q6apm.c
@@ -75,6 +75,7 @@ static struct audioreach_graph *q6apm_get_audioreach_graph(struct q6apm *apm, ui
id = idr_alloc(&apm->graph_idr, graph, graph_id, graph_id + 1, GFP_KERNEL);
if (id < 0) {
dev_err(apm->dev, "Unable to allocate graph id (%d)\n", graph_id);
+ kfree(graph->graph);
kfree(graph);
mutex_unlock(&apm->lock);
return ERR_PTR(id);