From: Julia Lawall <julia@xxxxxxx>

A call to cfg80211_get_bss should be accompanied by a call to
cfg80211_put_bss in error-handling code.

A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
local idexpression struct cfg80211_bss * x;
expression ra,rr;
position p1,p2;
@@

x = cfg80211_get_bss@p1(...)
... when != x = rr
    when != cfg80211_put_bss(x,...)
    when != if (...) { ... cfg80211_put_bss(x,...) ...}
if(...) { ... when != x = ra
     when forall
     when != cfg80211_put_bss(x,...)
 \(return <+...x...+>; \| return@xxxxx; \)
}

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

cocci.print_main("cfg80211_get_bss",p1)
cocci.print_secs("return",p2)
// </smpl>

Signed-off-by: Julia Lawall <julia@xxxxxxx>

---
I don't really understand the use of the bss variable later. Afterwards,
along the normal execution path, there is also a call to cfg80211_put_bss,
but at this point bss has been redefined, and I don't have the impression
that it still points to the same value.

drivers/staging/ath6kl/os/linux/cfg80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/ath6kl/os/linux/cfg80211.c b/drivers/staging/ath6kl/os/linux/cfg80211.c index efd4ae5..1e6a343 100644 --- a/drivers/staging/ath6kl/os/linux/cfg80211.c +++ b/drivers/staging/ath6kl/os/linux/cfg80211.c @@ -545,6 +545,7 @@ ar6k_cfg80211_connect_event(struct ar6_softc *ar, u16 channel, if(!ieeemgmtbuf) { AR_DEBUG_PRINTF(ATH_DEBUG_ERR, ("%s: ieeeMgmtbuf alloc error\n", __func__)); + cfg80211_put_bss(bss); return; }
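
Review bot: The added cfg80211_put_bss(bss) in the if(!ieeemgmtbuf) return path balances only this one early exit, and the hunk's context shows neither the cfg80211_get_bss call nor any later assignment to bss, so it cannot be confirmed from these lines that bss still holds the reference taken by cfg80211_get_bss (or is non-NULL) when this path runs. The note under the --- says bss is redefined before the existing put on the normal path; if that is right, the original reference may be lost there as well, and a put ahead of that reassignment would belong in this patch or a follow-up. It would help for the commit message to state which call's reference this put releases, so the pairing can be checked against the full function.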