On 9/3/24 11:54 AM, Riyan Dhiman wrote:
In the open_getadapter_fib() function, memory allocated for the fibctx structure was not freed when copy_to_user() failed. This can lead to memory leaks as the allocated memory remains unreferenced and cannot be reclaimed. This patch ensures that the allocated memory for fibctx is properly freed if copy_to_user() fails, thereby preventing potential memory leaks.
What made you analyze the code modified by this patch? How has this patch been tested?
Changes:
- Added kfree(fibctx); to release memory when copy_to_user() fails.
Changes compared to what? I don't see a version number in the email subject.
@@ -220,6 +220,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) if (copy_to_user(arg, &fibctx->unique, sizeof(fibctx->unique))) { status = -EFAULT; + kfree(fibctx); } else { status = 0; }
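Review bot: the kfree(fibctx) added on the -EFAULT path frees an object that is already linked into dev->fib_list, since list_add_tail(&fibctx->next, &dev->fib_list) runs just before the copy_to_user() call, so after this hunk the list would keep a pointer to freed memory and the next walk of dev->fib_list would touch it (use-after-free rather than a leak). Either unlink the entry before freeing it (list_del(&fibctx->next), under whatever protects dev->fib_list, then kfree(fibctx)), or move the list_add_tail() to after a successful copy_to_user() so the failure path only has to free an object that was never published. The commit message should also state how the leak was found and how the change was tested, and a "Changes since vN" section is only meaningful with a version in the subject.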
Just above the copy_to_user() call there is the following statement: list_add_tail(&fibctx->next, &dev->fib_list); Does that mean that the above kfree() will cause list corruption?

Bart.