2010-12-01 15:04:47

by Namhyung Kim

Subject: [PATCH 1/2] Input: xpad - fix memory leak

xpad->bdata was dynamically allocated but never freed. Since it is
used for xpad->bulk_out->transfer_buffer, set the URB_FREE_BUFFER flag
so that it gets freed when usb_free_urb() is called.

Signed-off-by: Namhyung Kim <[email protected]>
---
drivers/input/joystick/xpad.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
index f9fb7fa..f885902 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -955,6 +955,7 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
usb_fill_bulk_urb(xpad->bulk_out, udev,
usb_sndbulkpipe(udev, ep_irq_in->bEndpointAddress),
xpad->bdata, XPAD_PKT_LEN, xpad_bulk_out, xpad);
+ xpad->bulk_out->transfer_flags |= URB_FREE_BUFFER;
}

return 0;
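
Review bot: Setting URB_FREE_BUFFER on xpad->bulk_out right after usb_fill_bulk_urb() hands ownership of xpad->bdata to the URB, but only from this line onward. If xpad_probe() can fail between the bdata allocation and this point (for example when allocating bulk_out itself fails), the flag is never set and that error path still needs an explicit kfree(xpad->bdata). Please also confirm that bdata comes from kmalloc() and not a coherent DMA allocation, since URB_FREE_BUFFER releases transfer_buffer with kfree(), and that no other path frees or dereferences xpad->bdata after usb_free_urb(xpad->bulk_out). A one-line comment next to the flag stating that the URB now owns bdata would make the lifetime obvious.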
--
1.7.0.4


2010-12-01 15:04:56

by Namhyung Kim

Subject: [PATCH 2/2] Input: xpad - sanitize xpad_led_disconnect()

IMHO kfree() here looks very confusing. xpad_led->name is an array
of char inside struct xpad_led and is not dynamic memory itself.
But kfree() works well because it is the first member of the struct,
so it points to the start address of the struct and frees the struct.

Change it to xpad_led for correctness & readability and make
xpad->led NULL for safety.

Signed-off-by: Namhyung Kim <[email protected]>
Cc: Jan Kratochvil <[email protected]>
---
drivers/input/joystick/xpad.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
index f885902..1ca49e8 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -728,7 +728,8 @@ static void xpad_led_disconnect(struct usb_xpad *xpad)

if (xpad_led) {
led_classdev_unregister(&xpad_led->led_cdev);
- kfree(xpad_led->name);
+ kfree(xpad_led);
+ xpad->led = NULL;
}
}
#else
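
Review bot: In xpad_led_disconnect() the new "xpad->led = NULL;" comes after "kfree(xpad_led);", so between those two statements xpad->led still points at freed memory. Clear the pointer first and free afterwards, so that any other reader of xpad->led sees either a valid object or NULL. The NULL store only adds safety if those readers actually test for it, so the changelog should name the path that is expected to look at xpad->led after disconnect.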
--
1.7.0.4

2010-12-01 17:11:29

by Dmitry Torokhov

Subject: Re: [PATCH 2/2] Input: xpad - sanitize xpad_led_disconnect()

Hi Namhyung,

On Thu, Dec 02, 2010 at 12:04:34AM +0900, Namhyung Kim wrote:
> IMHO kfree() here looks very confusing. xpad_led->name is an array
> of char inside struct xpad_led and is not dynamic memory itself.
> But kfree() works well because it is the first member of the struct,
> so it points to the start address of the struct and frees the struct.

This has already been fixed in my tree, thanks.

>
> Change it to xpad_led for correctness & readability and make
> xpad->led NULL for safety.
>
> Signed-off-by: Namhyung Kim <[email protected]>
> Cc: Jan Kratochvil <[email protected]>
> ---
> drivers/input/joystick/xpad.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
> index f885902..1ca49e8 100644
> --- a/drivers/input/joystick/xpad.c
> +++ b/drivers/input/joystick/xpad.c
> @@ -728,7 +728,8 @@ static void xpad_led_disconnect(struct usb_xpad *xpad)
>
> if (xpad_led) {
> led_classdev_unregister(&xpad_led->led_cdev);
> - kfree(xpad_led->name);
> + kfree(xpad_led);
> + xpad->led = NULL;
> }
> }
> #else
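
Review bot: The removed "kfree(xpad_led->name);" and the added "kfree(xpad_led);" pass the same address only while name stays the first member of struct xpad_led, so this hunk bundles two different changes: a cleanup of the kfree() argument that does not alter behaviour today, and a new "xpad->led = NULL;" store that does. The changelog should mark the first as having no functional change, and the NULL assignment would be easier to review and bisect as its own patch with its own rationale.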
> --
> 1.7.0.4
>

--
Dmitry

2010-12-01 17:14:16

by Dmitry Torokhov

Subject: Re: [PATCH 1/2] Input: xpad - fix memory leak

On Thu, Dec 02, 2010 at 12:04:33AM +0900, Namhyung Kim wrote:
> xpad->bdata was dynamically allocated but never freed. Since it is
> used for xpad->bulk_out->transfer_buffer, set the URB_FREE_BUFFER flag
> so that it gets freed when usb_free_urb() is called.
>

This is also already fixed in my tree (next branch, slated for 2.6.38).

Thanks.

--
Dmitry