On Thu, Nov 20, 2014 at 01:45:05PM +0100, Oliver Neukum wrote: > On Wed, 2014-11-19 at 19:22 -0600, Ahmed Tamrawi wrote: > > Bug Report Filed: https://bugzilla.kernel.org/show_bug.cgi?id=88521 > > Linux Version [3.17-rc1] > > Configuration: Default configuration for x86 > > > > Function Source: > > http://lxr.free-electrons.com/source/drivers/usb/class/cdc-acm.c#L1404 > > > > In function (acm_probe) in file (drivers/usb/class/cdc-acm.c): > > > > Pointer (acm->country_codes) gets allocated in line (1404) and freed > > in lines (1414, 1424) if the call to function (device_create_file) > > fails (i < 0). However, if the conditions at (1413 and 1422) evaluates > > to false, the function (acm_probe) exists without freeing the pointer > > (acm->country_codes). Thus, causing a memory leak. > > Of course it exits without freeing acm->country_codes. That > attribute is exported via sysfs. It must not be freed before > the device is unplugged. Thus the code in acm_disconnect() > does that. acm_probe() frees acm->country_codes only if probe > fails. It looks like it's never freed in the alloc_fail8 error path of probe, though. Johan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
