2006-10-11 06:45:44

by Amit Choudhary

Subject: [PATCH 2.6.19-rc1 2/2] drivers/media/video/se401.c: check kmalloc() return value.

Description: In function se401_stop_stream() [drivers/media/video/se401.c], se401->sbuf[i].data was freed only when se401->urb[i] existed. This could result in a memory leak because sbuf[i].data is allocated before urb[i]. Hence, if the memory gets exhausted while allocating for sbuf[i], the urb[i] would still be NULL, and this would result in sbuf[i] not getting freed when se401_stop_stream() is called.

Signed-off-by: Amit Choudhary <[email protected]>

diff --git a/drivers/media/video/se401.c b/drivers/media/video/se401.c
index 20b91db..d411a27 100644
--- a/drivers/media/video/se401.c
+++ b/drivers/media/video/se401.c
@@ -509,11 +509,14 @@ static int se401_stop_stream(struct usb_
se401_sndctrl(1, se401, SE401_REQ_LED_CONTROL, 0, NULL, 0);
se401_sndctrl(1, se401, SE401_REQ_CAMERA_POWER, 0, NULL, 0);

- for (i=0; i<SE401_NUMSBUF; i++) if (se401->urb[i]) {
- usb_kill_urb(se401->urb[i]);
- usb_free_urb(se401->urb[i]);
- se401->urb[i]=NULL;
+ for (i=0; i<SE401_NUMSBUF; i++) {
+ if (se401->urb[i]) {
+ usb_kill_urb(se401->urb[i]);
+ usb_free_urb(se401->urb[i]);
+ se401->urb[i]=NULL;
+ }
kfree(se401->sbuf[i].data);
+ se401->sbuf[i].data=NULL;
}
for (i=0; i<SE401_NUMSCRATCH; i++) {
kfree(se401->scratch[i].data);