Description: Check the return value of kmalloc() in function se401_start_stream(), in file drivers/media/video/se401.c.
Signed-off-by: Amit Choudhary <[email protected]>
diff --git a/drivers/media/video/se401.c b/drivers/media/video/se401.c
index 7aeec57..006c818 100644
--- a/drivers/media/video/se401.c
+++ b/drivers/media/video/se401.c
@@ -450,6 +450,13 @@ static int se401_start_stream(struct usb
}
for (i=0; i<SE401_NUMSBUF; i++) {
se401->sbuf[i].data=kmalloc(SE401_PACKETSIZE, GFP_KERNEL);
+ if (!se401->sbuf[i].data) {
+ for(i = i - 1; i >= 0; i--) {
+ kfree(se401->sbuf[i].data);
+ se401->sbuf[i].data = NULL;
+ }
+ return -ENOMEM;
+ }
}
se401->bayeroffset=0;
@@ -458,13 +465,26 @@ static int se401_start_stream(struct usb
se401->scratch_overflow=0;
for (i=0; i<SE401_NUMSCRATCH; i++) {
se401->scratch[i].data=kmalloc(SE401_PACKETSIZE, GFP_KERNEL);
+ if (!se401->scratch[i].data) {
+ for(i = i - 1; i >= 0; i--) {
+ kfree(se401->scratch[i].data);
+ se401->scratch[i].data = NULL;
+ }
+ goto nomem_sbuf;
+ }
se401->scratch[i].state=BUFFER_UNUSED;
}
for (i=0; i<SE401_NUMSBUF; i++) {
urb=usb_alloc_urb(0, GFP_KERNEL);
- if(!urb)
- return -ENOMEM;
+ if(!urb) {
+ for(i = i - 1; i >= 0; i--) {
+ usb_kill_urb(se401->urb[i]);
+ usb_free_urb(se401->urb[i]);
+ se401->urb[i] = NULL;
+ }
+ goto nomem_scratch;
+ }
usb_fill_bulk_urb(urb, se401->dev,
usb_rcvbulkpipe(se401->dev, SE401_VIDEO_ENDPOINT),
@@ -482,6 +502,18 @@ static int se401_start_stream(struct usb
se401->framecount=0;
return 0;
+
+ nomem_scratch:
+ for (i=0; i<SE401_NUMSCRATCH; i++) {
+ kfree(se401->scratch[i].data);
+ se401->scratch[i].data = NULL;
+ }
+ nomem_sbuf:
+ for (i=0; i<SE401_NUMSBUF; i++) {
+ kfree(se401->sbuf[i].data);
+ se401->sbuf[i].data = NULL;
+ }
+ return -ENOMEM;
}
static int se401_stop_stream(struct usb_se401 *se401)
Ar Iau, 2006-10-19 am 22:16 -0700, ysgrifennodd Amit Choudhary:
> Description: Check the return value of kmalloc() in function se401_start_stream(), in file drivers/media/video/se401.c.
>
> Signed-off-by: Amit Choudhary <[email protected]>
This actually isn't needed for the first case as SE401_NUMSBUF is 1 but
the second fix is needed. Both are right and useful to merge in case
NUMSBUF is ever changed.
If you know se401->sbuf[] and se401->scratch , urb etc are being cleared
to NULL (or you did that) you could just use the kfree loops in nomem_
for all cases as kfree(NULL) is an allowed "no-op"
>
> If you know se401->sbuf[] and se401->scratch , urb etc are being cleared
> to NULL (or you did that) you could just use the kfree loops in nomem_
> for all cases as kfree(NULL) is an allowed "no-op"
>
>
In se401_stop_stream(), se401->sbuf[i].data is kfreed but not set to NULL. So, I could have
changed it there. But then I decided not to depend on anything else and do everything in
se401_start_stream(). But if this approach is wrong then please let me know.
Regards,
Amit
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com