Hi,
While reading
drivers/media/video/tlg2300/pd-video.c::alloc_bulk_urbs_generic() I
noticed that
- We don't free the memory allocated to 'urb' if the call to
usb_alloc_coherent() fails.
- If the 'num' argument to the function is ever <= 0 we'll return an
uninitialized variable 'i' to the caller.
The following patch addresses both of the above by a) calling
usb_free_urb() when usb_alloc_coherent() fails and by explicitly
initializing 'i' to zero.
I also moved the variables 'mem' and 'urb' inside the for loop. This does
not actually make any difference, it just seemed more correct to me to let
variables exist only in the innermost scope they are used.
Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
---
pd-video.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
compile tested only.
diff --git a/drivers/media/video/tlg2300/pd-video.c b/drivers/media/video/tlg2300/pd-video.c
index a1ffe18..df33a1d 100644
--- a/drivers/media/video/tlg2300/pd-video.c
+++ b/drivers/media/video/tlg2300/pd-video.c
@@ -512,19 +512,20 @@ int alloc_bulk_urbs_generic(struct urb **urb_array, int num,
int buf_size, gfp_t gfp_flags,
usb_complete_t complete_fn, void *context)
{
- struct urb *urb;
- void *mem;
- int i;
+ int i = 0;
- for (i = 0; i < num; i++) {
- urb = usb_alloc_urb(0, gfp_flags);
+ for (; i < num; i++) {
+ void *mem;
+ struct urb *urb = usb_alloc_urb(0, gfp_flags);
if (urb == NULL)
return i;
mem = usb_alloc_coherent(udev, buf_size, gfp_flags,
&urb->transfer_dma);
- if (mem == NULL)
+ if (mem == NULL) {
+ usb_free_urb(urb);
return i;
+ }
usb_fill_bulk_urb(urb, udev, usb_rcvbulkpipe(udev, ep_addr),
mem, buf_size, complete_fn, context);
--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
