In qxl_bo_create(), the temporary 'bo' is allocated through kzalloc(). However, it is not deallocated in the following execution if ttm_bo_init() fails, leading to a memory leak bug. To fix this issue, free 'bo' before returning the error. Signed-off-by: Wenwen Wang <wenwen@xxxxxxxxxx> --- drivers/gpu/drm/qxl/qxl_object.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/qxl/qxl_object.c b/drivers/gpu/drm/qxl/qxl_object.c index 4928fa6..3b217fa 100644 --- a/drivers/gpu/drm/qxl/qxl_object.c +++ b/drivers/gpu/drm/qxl/qxl_object.c @@ -118,6 +118,7 @@ int qxl_bo_create(struct qxl_device *qdev, dev_err(qdev->ddev.dev, "object_init failed for (%lu, 0x%08X)\n", size, domain); + kfree(bo); return r; } *bo_ptr = bo; -- 2.7.4 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel
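Review bot: the added `kfree(bo);` before `return r;` in the ttm_bo_init() failure branch is only correct if ttm_bo_init() leaves ownership of 'bo' with the caller when it fails, and neither the hunk nor the commit message establishes that. The context shown here includes only the dev_err() and the return, not the ttm_bo_init() call or the destroy callback passed to it. If TTM releases the object itself on failure (through that callback or its own kfree), this line turns a suspected leak into a double free. Please quote the ttm_bo_init() failure contract in the commit message and confirm the error path against it. Also check whether anything initialized on 'bo' earlier in qxl_bo_create() needs to be torn down first, since a bare kfree() would skip that.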