In onenand_scan(), if CONFIG_MTD_ONENAND_VERIFY_WRITE is defined,
'this->verify_buf' is allocated through kzalloc(). However, it is not
deallocated in the following execution, if the allocation for
'this->oob_buf' fails, leading to a memory leak bug. To fix this issue,
free 'this->verify_buf' before returning the error.
Signed-off-by: Wenwen Wang <[email protected]>
---
drivers/mtd/nand/onenand/onenand_base.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mtd/nand/onenand/onenand_base.c b/drivers/mtd/nand/onenand/onenand_base.c
index e082d63..77bd32a 100644
--- a/drivers/mtd/nand/onenand/onenand_base.c
+++ b/drivers/mtd/nand/onenand/onenand_base.c
@@ -3880,6 +3880,9 @@ int onenand_scan(struct mtd_info *mtd, int maxchips)
if (!this->oob_buf) {
if (this->options & ONENAND_PAGEBUF_ALLOC) {
this->options &= ~ONENAND_PAGEBUF_ALLOC;
+#ifdef CONFIG_MTD_ONENAND_VERIFY_WRITE
+ kfree(this->verify_buf);
+#endif
kfree(this->page_buf);
}
return -ENOMEM;
--
2.7.4
On Sun, 2019-08-18 at 15:52:49 UTC, Wenwen Wang wrote:
> In onenand_scan(), if CONFIG_MTD_ONENAND_VERIFY_WRITE is defined,
> 'this->verify_buf' is allocated through kzalloc(). However, it is not
> deallocated in the following execution, if the allocation for
> 'this->oob_buf' fails, leading to a memory leak bug. To fix this issue,
> free 'this->verify_buf' before returning the error.
>
> Signed-off-by: Wenwen Wang <[email protected]>
Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.
Miquel