Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262050AbTIWUOE (ORCPT ); Tue, 23 Sep 2003 16:14:04 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262175AbTIWUOE (ORCPT ); Tue, 23 Sep 2003 16:14:04 -0400 Received: from fw.osdl.org ([65.172.181.6]:54663 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S262050AbTIWUOA (ORCPT ); Tue, 23 Sep 2003 16:14:00 -0400 Date: Tue, 23 Sep 2003 13:13:50 -0700 From: Chris Wright To: David Yu Chen Cc: linux-kernel@vger.kernel.org, mc@cs.stanford.edu, greg@kroah.com Subject: Re: [CHECKER] 32 Memory Leaks on Error Paths Message-ID: <20030923131350.D20572@osdlab.pdx.osdl.net> References: <200309160435.h8G4ZkQM009953@elaine4.Stanford.EDU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200309160435.h8G4ZkQM009953@elaine4.Stanford.EDU>; from dychen@stanford.edu on Mon, Sep 15, 2003 at 09:35:46PM -0700 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1779 Lines: 55 * David Yu Chen (dychen@stanford.edu) wrote: > Leaks if devices == 0 ? Error_end only frees mdevs if (devices > 0), > but for mdevs=kmalloc(0), the slab allocator may still actually return memory > [FILE: 2.6.0-test5/drivers/usb/class/usb-midi.c] > [FUNC: alloc_usb_midi_device] > [LINES: 1621-1772] > [VAR: mdevs] > 1616: devices = inDevs > outDevs ? inDevs : outDevs; > 1617: devices = maxdevices > devices ? devices : maxdevices; > 1618: > 1619: /* obtain space for device name (iProduct) if not known. */ > 1620: if ( ! u->deviceName ) { > START --> > 1621: mdevs = (struct usb_mididev **) > 1622: kmalloc(sizeof(struct usb_mididevs *)*devices > 1623: + sizeof(char) * 256, GFP_KERNEL); > GOTO --> > 1715: goto error_end; > END --> > 1772: return -ENOMEM; > [FILE: 2.6.0-test5/drivers/usb/class/usb-midi.c] > START --> > 1625: mdevs = (struct usb_mididev **) > 1626: kmalloc(sizeof(struct usb_mididevs *)*devices, GFP_KERNEL); > GOTO --> > 1715: goto error_end; > END --> > 1772: return -ENOMEM; Yes, these are bugs. Patch below. Greg, this look ok? thanks, -chris ===== drivers/usb/class/usb-midi.c 1.22 vs edited ===== --- 1.22/drivers/usb/class/usb-midi.c Tue Sep 2 11:40:27 2003 +++ edited/drivers/usb/class/usb-midi.c Tue Sep 23 11:36:03 2003 @@ -1750,7 +1750,7 @@ return 0; error_end: - if ( mdevs != NULL && devices > 0 ) { + if ( mdevs != NULL ) { for ( i=0 ; idev_midi ); - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/