The allocated cros_ec_command message structure is not freed in function
sequence_store(). Make sure that 'msg' is freed in all exit paths.
Detected by Coverity CID 1309667.
Signed-off-by: Christian Engelmayer <[email protected]>
---
Compile tested only. Applies against linux-next.
---
drivers/platform/chrome/cros_ec_lightbar.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/drivers/platform/chrome/cros_ec_lightbar.c b/drivers/platform/chrome/cros_ec_lightbar.c
index 144e09df9b84..fc30a991b738 100644
--- a/drivers/platform/chrome/cros_ec_lightbar.c
+++ b/drivers/platform/chrome/cros_ec_lightbar.c
@@ -352,10 +352,6 @@ static ssize_t sequence_store(struct device *dev, struct device_attribute *attr,
struct cros_ec_dev *ec = container_of(dev,
struct cros_ec_dev, class_dev);
- msg = alloc_lightbar_cmd_msg(ec);
- if (!msg)
- return -ENOMEM;
-
for (len = 0; len < count; len++)
if (!isalnum(buf[len]))
break;
@@ -370,21 +366,30 @@ static ssize_t sequence_store(struct device *dev, struct device_attribute *attr,
return ret;
}
+ msg = alloc_lightbar_cmd_msg(ec);
+ if (!msg)
+ return -ENOMEM;
+
param = (struct ec_params_lightbar *)msg->data;
param->cmd = LIGHTBAR_CMD_SEQ;
param->seq.num = num;
ret = lb_throttle();
if (ret)
- return ret;
+ goto exit;
ret = cros_ec_cmd_xfer(ec->ec_dev, msg);
if (ret < 0)
- return ret;
+ goto exit;
- if (msg->result != EC_RES_SUCCESS)
- return -EINVAL;
+ if (msg->result != EC_RES_SUCCESS) {
+ ret = -EINVAL;
+ goto exit;
+ }
- return count;
+ ret = count;
+exit:
+ kfree(msg);
+ return ret;
}
/* Module initialization */
--
1.9.1
On Sat, Jul 18, 2015 at 07:30:33PM +0200, Christian Engelmayer wrote:
> The allocated cros_ec_command message structure is not freed in function
> sequence_store(). Make sure that 'msg' is freed in all exit paths.
> Detected by Coverity CID 1309667.
>
> Signed-off-by: Christian Engelmayer <[email protected]>
> ---
> Compile tested only. Applies against linux-next.
Applied with adjusted patch subject (platform/chrome: cros_ec: ..)
-Olof