On 9/12/22 04:50, xkernel.wang@xxxxxxxxxxx wrote:
From: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>
In rtw_xmit_resource_alloc(), if usb_alloc_urb() fails, then the memory
`pxmitbuf->pallocated_buf` which is allocated by kzalloc() is not properly
released before returning.
So this patch adds kfree() on the above error path to release it in time.
Tested-by: Philipp Hortmann <philipp.g.hortmann@xxxxxxxxx> # Edimax N150
Signed-off-by: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>
---
ChangeLog:
v1->v2 update the description.
v2->v3 rebase.
v3->v4 update the description.
v4->v5 rebase and update the corresponding subject and description.
Note that the original function name was changed, so the subject of this
patch is updated from "[PATCH v4] staging: r8188eu: fix potential memory
leak in rtw_os_xmit_resource_alloc()" to "[PATCH v5] staging: r8188eu: add
kfree() on an error path of rtw_xmit_resource_alloc()".
In addition, thanks to Philipp Hortmann for his testing and advice.
drivers/staging/r8188eu/core/rtw_xmit.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
index 67f9c05..9c39d08 100644
--- a/drivers/staging/r8188eu/core/rtw_xmit.c
+++ b/drivers/staging/r8188eu/core/rtw_xmit.c
@@ -44,8 +44,10 @@ static int rtw_xmit_resource_alloc(struct adapter *padapter, struct xmit_buf *px
pxmitbuf->dma_transfer_addr = 0;
pxmitbuf->pxmit_urb = usb_alloc_urb(0, GFP_KERNEL);
- if (!pxmitbuf->pxmit_urb)
+ if (!pxmitbuf->pxmit_urb) {
+ kfree(pxmitbuf->pallocated_buf);
return _FAIL;
+ }
return _SUCCESS;
}
Tested-by: Philipp Hortmann <philipp.g.hortmann@xxxxxxxxx> # Edimax N150