When videobuf_waiton() fails, we should execute clean functions to prevent memleak. It's the same when __videobuf_copy_to_user() fails.
Fixes: 7a7d9a89d0307 ("V4L/DVB (6251): Replace video-buf to a more generic approach")
Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
---
 drivers/media/v4l2-core/videobuf-core.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/media/v4l2-core/videobuf-core.c b/drivers/media/v4l2-core/videobuf-core.c
index 606a271bdd2d..0709b75d11cd 100644
--- a/drivers/media/v4l2-core/videobuf-core.c
+++ b/drivers/media/v4l2-core/videobuf-core.c
@@ -924,8 +924,12 @@ ssize_t videobuf_read_one(struct videobuf_queue *q,
 /* wait until capture is done */
 retval = videobuf_waiton(q, q->read_buf, nonblocking, 1);
- if (0 != retval)
+ if (retval != 0) {
+ q->ops->buf_release(q, q->read_buf);
+ kfree(q->read_buf);
+ q->read_buf = NULL;
 goto done;
+ }
 CALL(q, sync, q, q->read_buf);
@@ -940,8 +944,12 @@ ssize_t videobuf_read_one(struct videobuf_queue *q,
 /* Copy to userspace */
 retval = __videobuf_copy_to_user(q, q->read_buf, data, count, nonblocking);
- if (retval < 0)
+ if (retval < 0) {
+ q->ops->buf_release(q, q->read_buf);
+ kfree(q->read_buf);
+ q->read_buf = NULL;
 goto done;
+ }
 q->read_off += retval;
 if (q->read_off == q->read_buf->size) {
-- 
2.17.1
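Review bot: In the first hunk, the new branch after `videobuf_waiton()` frees `q->read_buf` on every non-zero return, but a failed wait (presumably `-EAGAIN` when `nonblocking` is set, or an interrupted sleep) means capture has not finished, so the buffer may still be queued to the driver. Whether `q->ops->buf_release()` can safely tear down a buffer that is still in flight is not visible here and depends on the driver; if it cannot, the `kfree()` creates a use-after-free risk where the old code only kept the buffer for later. Before the change the buffer stayed reachable through `q->read_buf` for the caller's retry, so this path is not obviously a leak, and with the change a non-blocking reader would allocate a fresh buffer on each attempt. I would keep `if (retval != 0) goto done;` with a comment such as `/* capture still pending: keep read_buf for the caller's retry */`, unless the commit message can point to where the retained buffer is never freed. The body of videobuf_read_one() starts and ends outside the hunk.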
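Review bot: In the second hunk, releasing the buffer when `__videobuf_copy_to_user()` fails discards a frame that has already been captured, while the trailing context (`q->read_off += retval;` followed by the `q->read_off == q->read_buf->size` test) shows that the function otherwise keeps `q->read_buf` across calls until it has been read completely. If dropping the frame on a failed copy is intended, say so above the branch, for example `/* copy failed: drop the captured frame, the next read starts a new capture */`. The release/kfree/NULL sequence is now written out in both added branches; a small static helper called from each would keep the copies from drifting apart. The function continues past the end of the hunk, so whether `q->read_off` is reset before the next buffer is used cannot be checked from here.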