If 'copy_from_user' fails, the 'rsxx_cram_write()' function
returns without freeing the allocated buffer 'buf'.
Free 'buf' before returning.
This issue has been reported by scan.coverity.com
Signed-off-by: Andi Shyti <[email protected]>
---
drivers/block/rsxx/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c
index 6e85e21..1ddb284 100644
--- a/drivers/block/rsxx/core.c
+++ b/drivers/block/rsxx/core.c
@@ -223,8 +223,10 @@ static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf,
return -ENOMEM;
st = copy_from_user(buf, ubuf, cnt);
- if (st)
+ if (st) {
+ kfree(buf);
return st;
+ }
info->f_pos = (u32)*ppos + info->offset;
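Review bot: The new `if (st) { ... }` block still returns `st` straight from `copy_from_user()`, which is the number of bytes that could not be copied, not a negative errno. A faulting user buffer therefore makes this write handler return a positive value, which the caller will read as bytes written. The error path should be `kfree(buf);` followed by `return -EFAULT;`. The same value reaches `return st ? st : cnt;` through the first `goto exit;` in the v2 hunk further down this thread. rsxx_cram_write() starts and ends outside this hunk, so the allocation and the later return after the register write are not visible here.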
--
1.8.4.rc2
Hi,
this version is a bit better since it fixes two memleak situations.
Andi
Andi Shyti (1):
rsxx: core: fix memory leak
drivers/block/rsxx/core.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--
1.8.4.rc2
Free 'buf' before returning.
The 'rsxx_cram_write()' function has two return paths that do not free
the allocated buffer 'buf', causing a possible memory leak.
This issue has been reported by scan.coverity.com
Signed-off-by: Andi Shyti <[email protected]>
---
drivers/block/rsxx/core.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c
index 6e85e21..fa3740b 100644
--- a/drivers/block/rsxx/core.c
+++ b/drivers/block/rsxx/core.c
@@ -224,19 +224,20 @@ static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf,
st = copy_from_user(buf, ubuf, cnt);
if (st)
- return st;
+ goto exit;
info->f_pos = (u32)*ppos + info->offset;
st = rsxx_creg_write(card, CREG_ADD_CRAM + info->f_pos, cnt, buf, 1);
if (st)
- return st;
+ goto exit;
info->offset += cnt;
+exit:
kfree(buf);
- return cnt;
+ return st ? st : cnt;
}
static int rsxx_cram_open(struct inode *inode, struct file *file)
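Review bot: The label `exit:` does not say what the jump does. Kernel coding style asks for labels named after the action, for example `out_free_buf:`, with both `goto exit;` lines renamed to match. A short comment above `return st ? st : cnt;`, such as `/* st is 0 on success: report the bytes written */`, would make the combined success/error return easier to read. rsxx_cram_write() begins outside this hunk, so the allocation released at this label is not visible here.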
--
1.8.4.rc2