2006-10-11 07:01:53

by Amit Choudhary

[permalink] [raw]
Subject: [PATCH 2.6.19-rc1] drivers/media/video/se401.c: fix memory leak.

Description: In function usb_se401_remove_disconnected() [drivers/media/video/se401.c], se401->sbuf[i].data was freed only when se401->urb[i] existed. This could result in a memory leak because sbuf[i].data is allocated before urb[i]. Let's assume that the memory gets exhausted while allocating for urb[i] Now, some event results in calling of usb_se401_remove_disconnected(). This will free sbuf[i].data only for those 'i' for which an urb exists. Since, we could not allocate all urb[i] as memory got exhausted, some of sbuf[i].data would never be freed at all.

Signed-off-by: Amit Choudhary <[email protected]>

diff --git a/drivers/media/video/se401.c b/drivers/media/video/se401.c
index d411a27..7d598e0 100644
--- a/drivers/media/video/se401.c
+++ b/drivers/media/video/se401.c
@@ -881,15 +881,18 @@ static void usb_se401_remove_disconnecte

se401->dev = NULL;

- for (i=0; i<SE401_NUMSBUF; i++)
+ for (i=0; i<SE401_NUMSBUF; i++) {
if (se401->urb[i]) {
usb_kill_urb(se401->urb[i]);
usb_free_urb(se401->urb[i]);
se401->urb[i] = NULL;
- kfree(se401->sbuf[i].data);
}
+ kfree(se401->sbuf[i].data);
+ se401->sbuf[i].data=NULL;
+ }
for (i=0; i<SE401_NUMSCRATCH; i++) {
kfree(se401->scratch[i].data);
+ se401->scratch[i].data=NULL;
}
if (se401->inturb) {
usb_kill_urb(se401->inturb);