From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 11 Jan 2017 17:27:53 +0100
The kfree() function was called in one case by the cfi_intelext_setup()
function during error handling even if the passed data structure member
contained a null pointer.
* Adjust a jump target according to the Linux coding style convention
so that memory will be also released for members of a data structure
before the container "mtd" in the error handling case.
* Delete a check which became unnecessary with this refactoring.
Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
drivers/mtd/chips/cfi_cmdset_0001.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c
index d7d3d398e4d4..7f6ed7293e40 100644
--- a/drivers/mtd/chips/cfi_cmdset_0001.c
+++ b/drivers/mtd/chips/cfi_cmdset_0001.c
@@ -601,7 +601,7 @@ static struct mtd_info *cfi_intelext_setup(struct mtd_info *mtd)
sizeof(*mtd->eraseregions),
GFP_KERNEL);
if (!mtd->eraseregions)
- goto setup_err;
+ goto free_priv;
for (i = 0; i < cfi->cfiq->NumEraseRegions; i++) {
unsigned long ernum, ersize;
@@ -657,16 +657,14 @@ static struct mtd_info *cfi_intelext_setup(struct mtd_info *mtd)
return mtd;
setup_err:
- if (mtd->eraseregions)
- for (i = 0; i < cfi->cfiq->NumEraseRegions; i++)
- for (j = 0; j < cfi->numchips; j++)
- kfree(mtd->eraseregions[j
- * cfi->cfiq
- ->NumEraseRegions
- + i].lockmap);
+ for (i = 0; i < cfi->cfiq->NumEraseRegions; i++)
+ for (j = 0; j < cfi->numchips; j++)
+ kfree(mtd->eraseregions[j * cfi->cfiq->NumEraseRegions
+ + i].lockmap);
kfree(mtd->eraseregions);
- kfree(mtd);
+free_priv:
kfree(cfi->cmdset_priv);
+ kfree(mtd);
return NULL;
}
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
