2003-03-13 19:07:38

by Oleg Drokin

[permalink] [raw]
Subject: [2.5] memleak in OSS emu10k1 driver in emu10k1_audio_open

Hello!

There is a memleak on error exit path in OSS emu10k1 driver, also
incorrect value is returned.
And it seems to be not that bad idea to free some grabbed mem before BUG(),
too.
See the patch.
Found with help of smatch + enhanced unfree script.

Bye,
Oleg

===== sound/oss/emu10k1/audio.c 1.13 vs edited =====
--- 1.13/sound/oss/emu10k1/audio.c Mon Feb 11 05:50:09 2002
+++ edited/sound/oss/emu10k1/audio.c Thu Mar 13 22:14:40 2003
@@ -1136,7 +1136,8 @@

if ((wiinst = (struct wiinst *) kmalloc(sizeof(struct wiinst), GFP_KERNEL)) == NULL) {
ERROR();
- return -ENODEV;
+ kfree(wave_dev);
+ return -ENOMEM;
}

wiinst->recsrc = card->wavein.recsrc;
@@ -1162,6 +1163,8 @@
wiinst->format.channels = hweight32(wiinst->fxwc);
break;
default:
+ kfree(wave_dev);
+ kfree(wiinst);
BUG();
break;
}