In case of an error stream_bufs is not freed here.
Signed-off-by: Andre Bartke <[email protected]>
---
.../staging/intel_sst/intel_sst_app_interface.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/staging/intel_sst/intel_sst_app_interface.c b/drivers/staging/intel_sst/intel_sst_app_interface.c
index b8c7ddb..93b41a2 100644
--- a/drivers/staging/intel_sst/intel_sst_app_interface.c
+++ b/drivers/staging/intel_sst/intel_sst_app_interface.c
@@ -430,8 +430,10 @@ static int snd_sst_fill_kernel_list(struct stream_info *stream,
return -ENOMEM;
if (copy_from_user((void *) &rar_handle,
iovec[index].iov_base,
- sizeof(__u32)))
+ sizeof(__u32))) {
+ kfree(stream_bufs);
return -EFAULT;
+ }
stream_bufs->addr = (char *)rar_handle;
stream_bufs->in_use = false;
stream_bufs->size = iovec[0].iov_len;
--
1.7.5.2
On Tue, May 31, 2011 at 09:03:56PM +0200, Andre Bartke wrote:
> In case of an error stream_bufs is not freed here.
>
> Signed-off-by: Andre Bartke <[email protected]>
> ---
> .../staging/intel_sst/intel_sst_app_interface.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/staging/intel_sst/intel_sst_app_interface.c b/drivers/staging/intel_sst/intel_sst_app_interface.c
> index b8c7ddb..93b41a2 100644
> --- a/drivers/staging/intel_sst/intel_sst_app_interface.c
> +++ b/drivers/staging/intel_sst/intel_sst_app_interface.c
> @@ -430,8 +430,10 @@ static int snd_sst_fill_kernel_list(struct stream_info *stream,
> return -ENOMEM;
> if (copy_from_user((void *) &rar_handle,
> iovec[index].iov_base,
> - sizeof(__u32)))
> + sizeof(__u32))) {
> + kfree(stream_bufs);
> return -EFAULT;
> + }
> stream_bufs->addr = (char *)rar_handle;
Btw, the original code looks seems pretty awful. "rar_handle" is
a kernel pointer that we get from user space. It is a u32 type so
this won't work under a 64 bit OS.
These allocations get added to a list. Maybe we should free them
all? It's hard to say. There is only one place that calls this
function, and it ignores the return value.
regards,
dan carpenter
On Tue, 31 May 2011 21:03:56 +0200
Andre Bartke <[email protected]> wrote:
> In case of an error stream_bufs is not freed here.
>
> Signed-off-by: Andre Bartke <[email protected]>
Acked-by: Alan Cox <[email protected]>