In sync_file_merge(), 'fences' is firstly allocated through kcalloc().
Later on, if the size is not sufficient, krealloc() is invoked to
reallocate 'nfences', which is assigned to 'fences'. However, if krealloc()
fails, 'fences' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'fences' before go to the 'err' label.
Signed-off-by: Wenwen Wang <wenwen@xxxxxxxxxx>
---
drivers/dma-buf/sync_file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/dma-buf/sync_file.c b/drivers/dma-buf/sync_file.c
index ee4d1a9..6e2b2d3 100644
--- a/drivers/dma-buf/sync_file.c
+++ b/drivers/dma-buf/sync_file.c
@@ -272,8 +272,10 @@ static struct sync_file *sync_file_merge(const char *name, struct sync_file *a,
if (num_fences > i) {
nfences = krealloc(fences, i * sizeof(*fences),
GFP_KERNEL);
- if (!nfences)
+ if (!nfences) {
+ kfree(fences);
goto err;
+ }
fences = nfences;
}
--
2.7.4
