On Wed, 07 Aug 2019 08:15:17 +0200,
Wenwen Wang wrote:
>
> In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later
> on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'.
> However, if the initialization fails, 'rt' is not deallocated, leading to a
> memory leak bug.
>
> To fix the above issue, free 'rt' before returning the error.
>
> Signed-off-by: Wenwen Wang <wenwen@xxxxxxxxxx>
> ---
> sound/usb/hiface/pcm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c
> index 14fc1e1..5dbcd0d 100644
> --- a/sound/usb/hiface/pcm.c
> +++ b/sound/usb/hiface/pcm.c
> @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8
> extra_freq)
> for (i = 0; i < PCM_N_URBS; i++) {
> ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP,
> hiface_pcm_out_urb_handler);
> - if (ret < 0)
> + if (ret < 0) {
> + kfree(rt);
> return ret;
> + }
Unfortunately this still leaves some memory. We need to release
rt->out_urbs[], too. The relevant code is already in
hiface_pcm_destroy(), so factor out the looped kfree() there and call
it from both places.
Care to resubmit with more fixes?
thanks,
Takashi
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
