Re: [PATCH] iio: hid-sensors: Fix memory leak on failure path in hid_prox_probe()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07.05.2015 01:00, Fabio Estevam wrote:
> On Wed, May 6, 2015 at 6:48 PM, Alexey Khoroshilov
> <khoroshilov@xxxxxxxxx> wrote:
>> If prox_parse_report() fails, memory allocated for channels is not
>> deallocated, since it is still in local variable channels
>> while kfree() is called with indio_dev->channels.
>>
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
>> ---
>>  drivers/iio/light/hid-sensor-prox.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/iio/light/hid-sensor-prox.c b/drivers/iio/light/hid-sensor-prox.c
>> index 91ecc46ffeaa..d0d188108a11 100644
>> --- a/drivers/iio/light/hid-sensor-prox.c
>> +++ b/drivers/iio/light/hid-sensor-prox.c
>> @@ -281,8 +281,9 @@ static int hid_prox_probe(struct platform_device *pdev)
>>         ret = prox_parse_report(pdev, hsdev, channels,
>>                                 HID_USAGE_SENSOR_PROX, prox_state);
>>         if (ret) {
>> +               kfree(channels);
>>                 dev_err(&pdev->dev, "failed to setup attributes\n");
>> -               goto error_free_dev_mem;
>> +               return ret;
> 
> Then the other calls to error_free_dev_mem will also miss to call
> 'kfree(channels)'.
> 

Not exactly. Other calls are after
  indio_dev->channels = channels;
So,
error_free_dev_mem:
	kfree(indio_dev->channels);
works for them well.

--
Alexey


--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Input]     [Linux Kernel]     [Linux SCSI]     [X.org]

  Powered by Linux