On Mon, Sep 05, 2016 at 05:33:00PM +0300, andrei.otcheretianski@xxxxxxxxx wrote: > In wpas_p2p_group_delete() free the pointer earlier, as the function > might return early. > diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c > @@ -929,6 +929,10 @@ static int wpas_p2p_group_delete(struct wpa_supplicant *wpa_s, > + os_free(wpa_s->p2p_group_common_freqs); > + wpa_s->p2p_group_common_freqs = NULL; > + wpa_s->p2p_group_common_freqs_num = 0; Hmm.. How exactly would this be fixing a memory leak when wpa_s->p2p_group_common_freqs is freed in wpas_p2p_deinit() which would be called if the group interface got removed before reached the later point down here: > @@ -968,10 +972,6 @@ static int wpas_p2p_group_delete(struct wpa_supplicant *wpa_s, > os_free(wpa_s->go_params); > wpa_s->go_params = NULL; > > - os_free(wpa_s->p2p_group_common_freqs); > - wpa_s->p2p_group_common_freqs = NULL; > - wpa_s->p2p_group_common_freqs_num = 0; And if wpa_s->p2p_group_common_freqs would have a memory leak, wouldn't wpa_s->go_params be in the same category? (And that is also freed in wpas_p2p_deinit() to make it not leak if wpas_p2p_group_delete() returns earlier..) -- Jouni Malinen PGP id EFC895FA
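Review bot: In the first hunk (@@ -929,6 +929,10), the commit message does not name the early-return path that the added os_free(wpa_s->p2p_group_common_freqs) is meant to cover. "might return early" is not enough to judge whether a leak exists, given that the reply above points to wpas_p2p_deinit() also freeing this field. Please state which return is hit and why cleanup elsewhere does not reach the buffer on that path. The hunk shows no context lines, so also confirm that nothing between the new position and the old one near line 968 still reads p2p_group_common_freqs or p2p_group_common_freqs_num, since both are now cleared before that code runs.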
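Review bot: In the second hunk (@@ -968,10 +972,6), the context lines leave os_free(wpa_s->go_params) and wpa_s->go_params = NULL at the late position while the p2p_group_common_freqs cleanup is removed from right below them, so two fields that were released together now have different lifetimes in the same function with no stated reason. If the early return really skips this block, go_params is skipped too. Either move both cleanups together or explain in the commit message why only p2p_group_common_freqs needs to be released earlier.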