Fix memory leak when _ep is null.
http://bugzilla.kernel.org/show_bug.cgi?id=10660
Noticed-by: Daniel Marjamäki <[email protected]>
Signed-off-by: Marcin Slusarz <[email protected]>
Cc: David Brownell <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/gadget/pxa27x_udc.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/drivers/usb/gadget/pxa27x_udc.c b/drivers/usb/gadget/pxa27x_udc.c
index e02bfd4..e3a5d53 100644
--- a/drivers/usb/gadget/pxa27x_udc.c
+++ b/drivers/usb/gadget/pxa27x_udc.c
@@ -650,8 +650,11 @@ pxa_ep_alloc_request(struct usb_ep *_ep, gfp_t gfp_flags)
{
struct pxa27x_request *req;
+ if (!_ep)
+ return NULL;
+
req = kzalloc(sizeof *req, gfp_flags);
- if (!req || !_ep)
+ if (!req)
return NULL;
INIT_LIST_HEAD(&req->queue);
--
1.5.4.5
On Sunday 22 June 2008, Marcin Slusarz wrote:
> --- a/drivers/usb/gadget/pxa27x_udc.c
> +++ b/drivers/usb/gadget/pxa27x_udc.c
> @@ -650,8 +650,11 @@ pxa_ep_alloc_request(struct usb_ep *_ep, gfp_t gfp_flags)
> {
> struct pxa27x_request *req;
>
> + if (!_ep)
> + return NULL;
> +
Correct enough as it goes, except that it *can't* be null by virtue
of how it's called. See <include/linux/usb/gadget.h> for:
static inline struct usb_request *usb_ep_alloc_request(struct usb_ep *ep,
gfp_t gfp_flags)
{
return ep->ops->alloc_request(ep, gfp_flags);
}
If it were null it couldn't get here. A better fix would just
remove the null check here (and possibly elsewhere).
- Dave
> req = kzalloc(sizeof *req, gfp_flags);
> - if (!req || !_ep)
> + if (!req)
> return NULL;
>
> INIT_LIST_HEAD(&req->queue);
> --
> 1.5.4.5
>