From: Julia Lawall <julia@xxxxxxx> Add missing call to gdth_ioctl_free before aborting. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression buf,ha,len,addr,E; @@ buf = gdth_ioctl_alloc(ha, len, FALSE, &addr) ... when != false buf != NULL when != true buf == NULL when != \(E = buf\|buf = E\) when != gdth_ioctl_free(ha, len, buf, addr) *return ...; // </smpl> Signed-off-by: Julia Lawall <julia@xxxxxxx> --- This code is badly indented throughout, making the patch look like it is badly indented. drivers/scsi/gdth.c | 4 +++- drivers/scsi/gdth_proc.c | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/gdth_proc.c b/drivers/scsi/gdth_proc.c index 0572b9b..6527543 100644 --- a/drivers/scsi/gdth_proc.c +++ b/drivers/scsi/gdth_proc.c @@ -365,8 +365,10 @@ static int gdth_get_info(char *buffer,char **start,off_t offset,int length, len = 0; begin = pos; } - if (pos > offset + length) + if (pos > offset + length) { + gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); goto stop_output; + } } } gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); @@ -450,8 +452,10 @@ static int gdth_get_info(char *buffer,char **start,off_t offset,int length, len = 0; begin = pos; } - if (pos > offset + length) + if (pos > offset + length) { + gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); goto stop_output; + } } while (drv_no != -1); if (is_mirr) { @@ -472,8 +476,10 @@ static int gdth_get_info(char *buffer,char **start,off_t offset,int length, len = 0; begin = pos; } - if (pos > offset + length) + if (pos > offset + length) { + gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); goto stop_output; + } } gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); @@ -542,8 +548,10 @@ static int gdth_get_info(char *buffer,char **start,off_t offset,int length, len = 0; begin = pos; } - if (pos > offset + length) + if (pos > offset + length) { + gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); goto stop_output; + } } } gdth_ioctl_free(ha, GDTH_SCRATCH, buf, paddr); diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 7636570..3242bca 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -4273,8 +4273,10 @@ static int ioc_general(void __user *arg, char *cmnd) } rval = __gdth_execute(ha->sdev, &gen.command, cmnd, gen.timeout, &gen.info); - if (rval < 0) + if (rval < 0) { + gdth_ioctl_free(ha, gen.data_len+gen.sense_len, buf, paddr); return rval; + } gen.status = rval; if (copy_to_user(arg + sizeof(gdth_ioctl_general), buf, -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html