2024-05-21 01:12:51

by Chen Ni

Subject: [PATCH] ALSA: scarlett2: Prevent leaking urb

In scarlett2_init_notify() if kmalloc() fails the allocated urb should
be released.

Signed-off-by: Chen Ni <[email protected]>
---
sound/usb/mixer_scarlett2.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sound/usb/mixer_scarlett2.c b/sound/usb/mixer_scarlett2.c
index 1150cf104985..4cad6b2a0292 100644
--- a/sound/usb/mixer_scarlett2.c
+++ b/sound/usb/mixer_scarlett2.c
@@ -8637,9 +8637,10 @@ static int scarlett2_init_notify(struct usb_mixer_interface *mixer)
return -ENOMEM;

transfer_buffer = kmalloc(private->wMaxPacketSize, GFP_KERNEL);
- if (!transfer_buffer)
+ if (!transfer_buffer) {
+ usb_free_urb(mixer->urb);
return -ENOMEM;
-
+ }
usb_fill_int_urb(mixer->urb, dev, pipe,
transfer_buffer, private->wMaxPacketSize,
scarlett2_notify, mixer, private->bInterval);
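Review bot: the added usb_free_urb(mixer->urb) in the !transfer_buffer branch leaves mixer->urb pointing at the released urb, so any later teardown that releases mixer->urb will free it a second time. Because the urb is stored in the mixer structure rather than in a local, either leave the release to whoever tears the mixer down after this error, or set mixer->urb = NULL directly after the call. The commit message should also state which caller path was found to leak.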
--
2.25.1



2024-05-21 13:02:11

by Takashi Iwai

Subject: Re: [PATCH] ALSA: scarlett2: Prevent leaking urb

On Tue, 21 May 2024 03:03:52 +0200,
Chen Ni wrote:
>
> In scarlett2_init_notify() if kmalloc() fails the allocated urb should
> be released.

It's freed in the common USB mixer destructor (snd_usb_mixer_free()),
hence your patch will lead to a double-free.


thanks,

Takashi

>
> Signed-off-by: Chen Ni <[email protected]>
> ---
> sound/usb/mixer_scarlett2.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/sound/usb/mixer_scarlett2.c b/sound/usb/mixer_scarlett2.c
> index 1150cf104985..4cad6b2a0292 100644
> --- a/sound/usb/mixer_scarlett2.c
> +++ b/sound/usb/mixer_scarlett2.c
> @@ -8637,9 +8637,10 @@ static int scarlett2_init_notify(struct usb_mixer_interface *mixer)
> return -ENOMEM;
>
> transfer_buffer = kmalloc(private->wMaxPacketSize, GFP_KERNEL);
> - if (!transfer_buffer)
> + if (!transfer_buffer) {
> + usb_free_urb(mixer->urb);
> return -ENOMEM;
> -
> + }
> usb_fill_int_urb(mixer->urb, dev, pipe,
> transfer_buffer, private->wMaxPacketSize,
> scarlett2_notify, mixer, private->bInterval);
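Review bot: the hunk deletes the blank line that separated the !transfer_buffer check from the usb_fill_int_urb() call, so the closing brace now runs straight into the next statement. Keep the blank line after the "}" if this change is respun.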
> --
> 2.25.1
>
>
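The ownership problem raised in the reply, as an added userspace model (not kernel code and not from either poster). All model_* names are hypothetical, releases are counted instead of freeing memory, and it is assumed that the mixer destructor runs after the failed init.

```c
/* Userspace model of the urb ownership in this thread; model_* names are hypothetical. */
#include <stdio.h>

struct model_urb   { int releases; };        /* counts releases instead of freeing memory */
struct model_mixer { struct model_urb *urb; };
enum variant { ORIGINAL, PATCHED, PATCHED_AND_CLEARED };

/* Like usb_free_urb(), a NULL argument is a no-op. */
static void model_free_urb(struct model_urb *urb)
{
	if (urb)
		urb->releases++;
}

/* Stand-in for scarlett2_init_notify(): the urb is attached, then the buffer allocation may fail. */
static int model_init_notify(struct model_mixer *m, struct model_urb *urb, enum variant v, int alloc_fails)
{
	m->urb = urb;
	if (alloc_fails) {
		if (v != ORIGINAL)
			model_free_urb(m->urb);   /* what the patch adds */
		if (v == PATCHED_AND_CLEARED)
			m->urb = NULL;            /* assumption: one way to avoid the stale pointer */
		return -1;                        /* stands for -ENOMEM */
	}
	return 0;
}

/* Stand-in for the common destructor, which releases mixer->urb (per the reply). */
static void model_mixer_free(struct model_mixer *m)
{
	model_free_urb(m->urb);
	m->urb = NULL;
}

/* Runs init followed by teardown and returns how often the one urb was released. */
int releases_after_teardown(enum variant v, int alloc_fails)
{
	struct model_urb urb = { 0 };
	struct model_mixer m = { 0 };
	model_init_notify(&m, &urb, v, alloc_fails);
	model_mixer_free(&m);
	return urb.releases;
}

int main(void)
{
	printf("original=%d patched=%d\n", releases_after_teardown(ORIGINAL, 1), releases_after_teardown(PATCHED, 1));
	return 0;
}
```

A count of 2 for the patched variant is the double release of a single reference; the original code and the variant that clears the pointer both release it once.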