2012-08-08 06:38:26

by Alexey Khoroshilov

Subject: [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()

Do not leak memory by updating pointer with potentially
NULL realloc return value.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/iio/light/adjd_s311.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
index 1cbb449..0adda5b 100644
--- a/drivers/iio/light/adjd_s311.c
+++ b/drivers/iio/light/adjd_s311.c
@@ -271,12 +271,18 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
const unsigned long *scan_mask)
{
struct adjd_s311_data *data = iio_priv(indio_dev);
- data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
+ u16 *new_buffer;
+ int ret = 0;
+
+ new_buffer = krealloc(data->buffer, indio_dev->scan_bytes,
GFP_KERNEL);
- if (!data->buffer)
- return -ENOMEM;
+ if (new_buffer == NULL) {
+ kfree(data->buffer);
+ ret = -ENOMEM;
+ }
+ data->buffer = new_buffer;

- return 0;
+ return ret;
}

static const struct iio_info adjd_s311_info = {
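Review bot: the failure branch at `if (new_buffer == NULL)` is correct but heavier than it needs to be: freeing the old block and clearing `data->buffer` does avoid the leak and leaves no dangling pointer, yet the only reason to keep krealloc() is to preserve the old contents, which this function does not need, so `kfree(data->buffer); data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);` gives the same outcome without the `new_buffer` temporary and the `ret` variable. Minor: the removed test used `!data->buffer`; keep that form rather than `== NULL` to match the surrounding kernel style.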
--
1.7.9.5


2012-08-08 07:17:14

by Peter Meerwald-Stadler

Subject: Re: [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()


> Do not leak memory by updating pointer with potentially
> NULL realloc return value.

I agree

use of krealloc() was suggested in driver review (see
http://www.spinics.net/lists/linux-iio/msg05930.html) to shorten the code;
unfortunately, I misunderstood the semantics of krealloc() in case
allocation fails

this is the original code:

kfree(data->buffer);
data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
if (!data->buffer)
return -ENOMEM;

I suggest switching back to that original code; there is no need to preserve
the data in the buffer as krealloc does

thanks, p.

> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
> ---
> drivers/iio/light/adjd_s311.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
> index 1cbb449..0adda5b 100644
> --- a/drivers/iio/light/adjd_s311.c
> +++ b/drivers/iio/light/adjd_s311.c
> @@ -271,12 +271,18 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
> const unsigned long *scan_mask)
> {
> struct adjd_s311_data *data = iio_priv(indio_dev);
> - data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
> + u16 *new_buffer;
> + int ret = 0;
> +
> + new_buffer = krealloc(data->buffer, indio_dev->scan_bytes,
> GFP_KERNEL);
> - if (!data->buffer)
> - return -ENOMEM;
> + if (new_buffer == NULL) {
> + kfree(data->buffer);
> + ret = -ENOMEM;
> + }
> + data->buffer = new_buffer;
>
> - return 0;
> + return ret;
> }
>
> static const struct iio_info adjd_s311_info = {
>

--

Peter Meerwald
+43-664-2444418 (mobile)
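The krealloc() failure semantics Peter describes, as an added example in userland C (not code from this thread or from the adjd_s311 driver): realloc(3) has the same contract, NULL on failure with the original block left untouched, so the three patterns discussed here, the original `p = realloc(p, n)` assignment, the v1 temporary-pointer fix and the v2 free-then-allocate form, are shown side by side. A counting allocator and a hypothetical fault-injection knob (`fail_next_alloc`) make the failure path observable; the `xmalloc`/`xfree`/`xrealloc` wrappers, `struct scan` and `orphans_after_failed_grow` are assumptions of this example, not anything from the driver.

```c
/* Added example, not from the linux-iio thread or the adjd_s311 driver. */
#include <stdio.h>
#include <stdlib.h>

static int live_blocks;        /* blocks allocated and not yet freed */
static int fail_next_alloc;    /* hypothetical knob: next allocation fails */
static void *last_failed_old;  /* old block of the last failed xrealloc() */

/* Counting wrappers; realloc(3) has the same contract as krealloc(). */
static void *xmalloc(size_t n)
{
    void *p;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void xfree(void *p)
{
    if (p) {
        live_blocks--;
        if (p == last_failed_old) last_failed_old = NULL;
    }
    free(p);
}

static void *xrealloc(void *p, size_t n)
{
    void *q;
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        last_failed_old = p;    /* remembered only so the demo exits clean */
        return NULL;            /* original block p is still valid */
    }
    q = realloc(p, n);          /* callers pass n > 0, so this never frees */
    if (q && !p) live_blocks++; /* realloc(NULL, n) acts as malloc */
    return q;
}

struct scan { unsigned char *buf; size_t len; };

/* Pattern of the original driver code: on failure the old block becomes
 * unreachable and s->buf is NULL, so nothing can free it later. */
static int grow_leaky(struct scan *s, size_t n)
{
    s->buf = xrealloc(s->buf, n);
    if (!s->buf) return -1;
    s->len = n;
    return 0;
}

/* Pattern of the v1 patch: hold the result in a temporary so the old block
 * can still be freed when the resize fails. */
static int grow_safe(struct scan *s, size_t n)
{
    unsigned char *nb = xrealloc(s->buf, n);
    if (!nb) {
        xfree(s->buf);
        s->buf = NULL;
        s->len = 0;
        return -1;
    }
    s->buf = nb;
    s->len = n;
    return 0;
}

/* Pattern of the v2 patch: old contents are not needed, so free first and
 * allocate fresh; there is no second copy of a pointer to lose. */
static int grow_fresh(struct scan *s, size_t n)
{
    xfree(s->buf);
    s->len = 0;
    s->buf = xmalloc(n);
    if (!s->buf) return -1;
    s->len = n;
    return 0;
}

/* Grow once successfully, inject a failure on the second resize, and report
 * how many blocks are still live but no longer reachable through s->buf. */
static int orphans_after_failed_grow(int (*grow)(struct scan *, size_t))
{
    struct scan s = { NULL, 0 };
    int rc, orphans;
    live_blocks = 0;
    last_failed_old = NULL;
    if (grow(&s, 16) != 0) return -1;  /* first allocation must succeed */
    fail_next_alloc = 1;
    rc = grow(&s, 64);
    orphans = live_blocks - (s.buf ? 1 : 0);
    xfree(s.buf);
    xfree(last_failed_old);   /* reclaim the orphan the leaky path lost */
    return rc == -1 ? orphans : -1;
}

int main(void)
{
    printf("leaky: %d orphan(s)\n", orphans_after_failed_grow(grow_leaky));
    printf("safe:  %d orphan(s)\n", orphans_after_failed_grow(grow_safe));
    printf("fresh: %d orphan(s)\n", orphans_after_failed_grow(grow_fresh));
    return 0;
}
```

Compile with any C compiler and run: the leaky pattern reports one orphaned block, the other two report none. The block counter stands in for what a leak checker would flag later; the point of the temporary in `grow_safe` is that the old pointer is still the caller's only handle on a still-valid block until the resize is known to have succeeded.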

2012-08-08 07:32:56

by Lars-Peter Clausen

Subject: Re: [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()

On 08/08/2012 09:17 AM, Peter Meerwald wrote:
>
>> Do not leak memory by updating pointer with potentially
>> NULL realloc return value.
>
> I agree
>
> use of krealloc() was suggested in driver review (see
> http://www.spinics.net/lists/linux-iio/msg05930.html) to shorten the code;
> unfortunately, I misunderstood the semantics of krealloc() in case
> allocation fails

My fault I guess, sorry for that.

>
> this is the original code:
>
> kfree(data->buffer);
> data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
> if (!data->buffer)
> return -ENOMEM;
>
> I suggest switching back to that original code; there is no need to preserve
> the data in the buffer as krealloc does

Agreed.

>
> thanks, p.
>
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <[email protected]>
>> ---
>> drivers/iio/light/adjd_s311.c | 14 ++++++++++----
>> 1 file changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
>> index 1cbb449..0adda5b 100644
>> --- a/drivers/iio/light/adjd_s311.c
>> +++ b/drivers/iio/light/adjd_s311.c
>> @@ -271,12 +271,18 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
>> const unsigned long *scan_mask)
>> {
>> struct adjd_s311_data *data = iio_priv(indio_dev);
>> - data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> + u16 *new_buffer;
>> + int ret = 0;
>> +
>> + new_buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> GFP_KERNEL);
>> - if (!data->buffer)
>> - return -ENOMEM;
>> + if (new_buffer == NULL) {
>> + kfree(data->buffer);
>> + ret = -ENOMEM;
>> + }
>> + data->buffer = new_buffer;
>>
>> - return 0;
>> + return ret;
>> }
>>
>> static const struct iio_info adjd_s311_info = {
>>
>

2012-08-08 09:02:28

by Alexey Khoroshilov

Subject: Re: [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()

On 08/08/2012 11:17 AM, Peter Meerwald wrote:
>> Do not leak memory by updating pointer with potentially
>> NULL realloc return value.
> I agree
>
> use of krealloc() was suggested in driver review (see
> http://www.spinics.net/lists/linux-iio/msg05930.html) to shorten the code;
> unfortunately, I misunderstood the semantics of krealloc() in case
> allocation fails
>
> this is the original code:
>
> kfree(data->buffer);
> data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
> if (!data->buffer)
> return -ENOMEM;
>
> I suggest switching back to that original code; there is no need to preserve
> the data in the buffer as krealloc does
That is fine.

>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <[email protected]>
>> ---
>> drivers/iio/light/adjd_s311.c | 14 ++++++++++----
>> 1 file changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
>> index 1cbb449..0adda5b 100644
>> --- a/drivers/iio/light/adjd_s311.c
>> +++ b/drivers/iio/light/adjd_s311.c
>> @@ -271,12 +271,18 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
>> const unsigned long *scan_mask)
>> {
>> struct adjd_s311_data *data = iio_priv(indio_dev);
>> - data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> + u16 *new_buffer;
>> + int ret = 0;
>> +
>> + new_buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> GFP_KERNEL);
>> - if (!data->buffer)
>> - return -ENOMEM;
>> + if (new_buffer == NULL) {
>> + kfree(data->buffer);
>> + ret = -ENOMEM;
>> + }
>> + data->buffer = new_buffer;
>>
>> - return 0;
>> + return ret;
>> }
>>
>> static const struct iio_info adjd_s311_info = {
>>

2012-08-08 10:00:05

by Alexey Khoroshilov

Subject: [PATCH v2] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()

Do not leak memory by updating pointer with potentially NULL realloc return value.
There is no need to preserve data in the buffer,
so replace krealloc() by kfree()-kmalloc() pair.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/iio/light/adjd_s311.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
index 1cbb449..9a99f43 100644
--- a/drivers/iio/light/adjd_s311.c
+++ b/drivers/iio/light/adjd_s311.c
@@ -271,9 +271,10 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
const unsigned long *scan_mask)
{
struct adjd_s311_data *data = iio_priv(indio_dev);
- data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
- GFP_KERNEL);
- if (!data->buffer)
+
+ kfree(data->buffer);
+ data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
+ if (data->buffer == NULL)
return -ENOMEM;

return 0;
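Review bot: the replaced test at `- if (!data->buffer)` / `+ if (data->buffer == NULL)` is a gratuitous change: the original `!data->buffer` form is the usual kernel idiom, and keeping it shrinks the hunk to the `kfree()`/`kmalloc()` lines that actually fix the leak. The failure path itself is fine: after `kfree(data->buffer)` the pointer is reassigned from kmalloc() before any return, so on -ENOMEM it holds NULL rather than a freed address, and a later kfree() of it is safe.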
--
1.7.9.5

2012-08-08 11:05:40

by Peter Meerwald-Stadler

Subject: Re: [PATCH v2] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()

> Do not leak memory by updating pointer with potentially NULL realloc return value.
> There is no need to preserve data in the buffer,
> so replace krealloc() by kfree()-kmalloc() pair.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>

Acked-by: Peter Meerwald <[email protected]>

> ---
> drivers/iio/light/adjd_s311.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
> index 1cbb449..9a99f43 100644
> --- a/drivers/iio/light/adjd_s311.c
> +++ b/drivers/iio/light/adjd_s311.c
> @@ -271,9 +271,10 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
> const unsigned long *scan_mask)
> {
> struct adjd_s311_data *data = iio_priv(indio_dev);
> - data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
> - GFP_KERNEL);
> - if (!data->buffer)
> +
> + kfree(data->buffer);
> + data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
> + if (data->buffer == NULL)
> return -ENOMEM;
>
> return 0;
>

--

Peter Meerwald
+43-664-2444418 (mobile)