Description: Check the return value of kmalloc() in function i810_open(), in file sound/oss/i810_audio.c.
Signed-off-by: Amit Choudhary <[email protected]>
diff --git a/sound/oss/i810_audio.c b/sound/oss/i810_audio.c
index 240cc79..a415967 100644
--- a/sound/oss/i810_audio.c
+++ b/sound/oss/i810_audio.c
@@ -2580,8 +2580,13 @@ static int i810_open(struct inode *inode
if (card->states[i] == NULL) {
state = card->states[i] = (struct i810_state *)
kmalloc(sizeof(struct i810_state), GFP_KERNEL);
- if (state == NULL)
+ if (state == NULL) {
+ for (--i; i >= 0; i--) {
+ kfree(card->states[i]);
+ card->states[i] = NULL;
+ }
return -ENOMEM;
+ }
memset(state, 0, sizeof(struct i810_state));
dmabuf = &state->dmabuf;
goto found_virt;
On 10/23/06, Amit Choudhary <[email protected]> wrote:
> @@ -2580,8 +2580,13 @@ static int i810_open(struct inode *inode
> if (card->states[i] == NULL) {
> state = card->states[i] = (struct i810_state *)
> kmalloc(sizeof(struct i810_state), GFP_KERNEL);
> - if (state == NULL)
> + if (state == NULL) {
> + for (--i; i >= 0; i--) {
> + kfree(card->states[i]);
> + card->states[i] = NULL;
> + }
> return -ENOMEM;
> + }
> memset(state, 0, sizeof(struct i810_state));
> dmabuf = &state->dmabuf;
> goto found_virt;
Looks wrong to me. We only allocate memory once in the loop (hint:
goto found_virt at the bottom here).