2010-07-16 16:15:10

by Kulikov Vasiliy

[permalink] [raw]
Subject: [PATCH 08/15] staging: tm6000: fix null dereference and memory leak

Do not dereference ir_input_dev if it is NULL.

Also free ir_input_dev->input_dev on error path.

Signed-off-by: Kulikov Vasiliy <[email protected]>
---
drivers/staging/tm6000/tm6000-input.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/drivers/staging/tm6000/tm6000-input.c b/drivers/staging/tm6000/tm6000-input.c
index 32f7a0a..5edf728 100644
--- a/drivers/staging/tm6000/tm6000-input.c
+++ b/drivers/staging/tm6000/tm6000-input.c
@@ -247,8 +247,10 @@ int tm6000_ir_init(struct tm6000_core *dev)

ir = kzalloc(sizeof(*ir), GFP_KERNEL);
ir_input_dev = kzalloc(sizeof(*ir_input_dev), GFP_KERNEL);
+ if (!ir || !ir_input_dev)
+ goto err_out_free;
ir_input_dev->input_dev = input_allocate_device();
- if (!ir || !ir_input_dev || !ir_input_dev->input_dev)
+ if (!ir_input_dev->input_dev)
goto err_out_free;

/* record handles to ourself */
@@ -330,6 +332,8 @@ int tm6000_ir_init(struct tm6000_core *dev)
err_out_stop:
dev->ir = NULL;
err_out_free:
+ if (ir_input_dev)
+ input_free_device(ir_input_dev->input_dev);
kfree(ir_input_dev);
kfree(ir);
return err;
--
1.7.0.4