On Tue, May 31, 2011 at 09:03:56PM +0200, Andre Bartke wrote:
> In case of an error stream_bufs is not freed here.
>
> Signed-off-by: Andre Bartke <andre.bartke@xxxxxxxxx>
> ---
> .../staging/intel_sst/intel_sst_app_interface.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/staging/intel_sst/intel_sst_app_interface.c b/drivers/staging/intel_sst/intel_sst_app_interface.c
> index b8c7ddb..93b41a2 100644
> --- a/drivers/staging/intel_sst/intel_sst_app_interface.c
> +++ b/drivers/staging/intel_sst/intel_sst_app_interface.c
> @@ -430,8 +430,10 @@ static int snd_sst_fill_kernel_list(struct stream_info *stream,
> return -ENOMEM;
> if (copy_from_user((void *) &rar_handle,
> iovec[index].iov_base,
> - sizeof(__u32)))
> + sizeof(__u32))) {
> + kfree(stream_bufs);
> return -EFAULT;
> + }
> stream_bufs->addr = (char *)rar_handle;
Btw, the original code looks seems pretty awful. "rar_handle" is
a kernel pointer that we get from user space. It is a u32 type so
this won't work under a 64 bit OS.
These allocations get added to a list. Maybe we should free them
all? It's hard to say. There is only one place that calls this
function, and it ignores the return value.
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
