hi, Xidong Wang <wangxidong_97@xxxxxxx> writes: > In function f_audio_set_alt(), the memory allocated by > usb_ep_alloc_request() is not released on the error path > that req->buf, which holds the return value of kzalloc(), > is NULL. This will result in a memory leak bug. > > Signed-off-by: Xidong Wang <wangxidong_97@xxxxxxx> > --- > drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c > index 24c086b..2fcdade 100644 > --- a/drivers/usb/gadget/function/f_uac1_legacy.c > +++ b/drivers/usb/gadget/function/f_uac1_legacy.c > @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt) > ERROR(cdev, > "%s queue req: %d\n", > out_ep->name, err); > - } else > + } else { > + usb_ep_free_request( > + out_ep, req); > err = -ENOMEM; > + } I feel like this hunk has been ping ponging between having usb_ep_free_request() and not having it because completion callback will call usb_ep_free_request() or something along those lines. Can we get a final solution that solves all cases and doesn't introduce other bugs? -- balbi
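Review bot: the new usb_ep_free_request(out_ep, req) in the else branch covers only the case where req->buf is NULL, while the branch directly above it, which logs "%s queue req: %d" when queuing fails, is left unchanged and the hunk shows no release of req or req->buf there. The commit message should state which error paths rely on the completion callback to free the request and which must free it in f_audio_set_alt() itself, so that the NULL-buffer path and the queue-failure path can be checked together for both leaks and double frees. If the queue-failure path also owns the request at that point, handle it in the same patch rather than a follow-up.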