On 8/13/24 07:02, Takashi Iwai wrote:
On Sun, 11 Aug 2024 22:23:36 +0200, Ivan Orlov wrote:+static int snd_utimer_ioctl_create(struct file *file, + struct snd_timer_uinfo __user *_utimer_info) +{ + struct snd_utimer *utimer; + struct snd_timer_uinfo *utimer_info __free(kfree) = NULL; + int err; + + utimer_info = memdup_user(_utimer_info, sizeof(*utimer_info)); + if (IS_ERR(utimer_info)) + return PTR_ERR(no_free_ptr(utimer_info)); + + err = snd_utimer_create(utimer_info, &utimer); + if (err < 0) + return err; + + utimer_info->id = utimer->id; + + err = copy_to_user(_utimer_info, utimer_info, sizeof(*utimer_info)); + if (err) { + snd_utimer_free(utimer); + return -EFAULT; + } + + return anon_inode_getfd(utimer->name, &snd_utimer_fops, utimer, O_RDWR | O_CLOEXEC);Wouldn't utimer be left unfreed if this returns an error?
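Review bot: The final "return anon_inode_getfd(...)" in snd_utimer_ioctl_create() has no cleanup on failure, unlike the copy_to_user() error path just above it, which calls snd_utimer_free(utimer). Suggest storing the result in err, calling snd_utimer_free(utimer) when err < 0, and returning err, so that both failure paths after snd_utimer_create() release the timer. Note also that utimer_info->id is copied back to user space before the fd is created, so if fd creation fails the caller's struct already holds the id of a timer that is about to be freed; either document that the struct contents are not meaningful on error or reorder so nothing is reported until every step has succeeded.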
Hi Takashi,

Ah, yes, it will... :( Thanks!

--
Kind regards,
Ivan Orlov
