It appears that 'new' can be allocated, and next time around
the loop, if something goes wrong, we lose the reference..
Spotted with the source checker from Coverity.com.
Signed-off-by: Dave Jones <[email protected]>
diff -urpN --exclude-from=/home/davej/.exclude bk-linus/drivers/net/wan/pc300_tty.c linux-2.6/drivers/net/wan/pc300_tty.c
--- bk-linus/drivers/net/wan/pc300_tty.c 2004-07-14 00:00:48.000000000 +0100
+++ linux-2.6/drivers/net/wan/pc300_tty.c 2004-08-23 14:08:15.000000000 +0100
@@ -789,6 +789,10 @@ void cpc_tty_receive(pc300dev_t *pc300de
cpc_writel(card->hw.scabase + DRX_REG(EDAL, ch),
RX_BD_ADDR(ch, pc300chan->rx_last_bd));
}
+ if (new) {
+ kfree(new);
+ new = NULL;
+ }
return;
}
@@ -834,7 +838,8 @@ void cpc_tty_receive(pc300dev_t *pc300de
cpc_tty->name);
cpc_tty_rx_disc_frame(pc300chan);
rx_len = 0;
- kfree((unsigned char *)new);
+ kfree(new);
+ new = NULL;
break; /* read next frame - while(1) */
}
@@ -843,7 +848,8 @@ void cpc_tty_receive(pc300dev_t *pc300de
cpc_tty_rx_disc_frame(pc300chan);
stats->rx_dropped++;
rx_len = 0;
- kfree((unsigned char *)new);
+ kfree(new);
+ new = NULL;
break; /* read next frame - while(1) */
}