Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3295959yba;
        Sun, 28 Apr 2019 22:52:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwM6oA2GbYjxz7FH7pBBVs17hmRvWpoz9gXr+3cH9rUL7jSkJQ9J5XLhGTu/zKWKE9Jts1/
X-Received: by 2002:aa7:99c7:: with SMTP id v7mr1900864pfi.103.1556517128914;
        Sun, 28 Apr 2019 22:52:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556517128; cv=none;
        d=google.com; s=arc-20160816;
        b=QVk7XA+zWwXjJGXCrckahfxfVYQNyN7At+zO3VQEB5wdPVJ9xmKHJ9Pe8Gb53YGG2v
         nGoMOO15Hr5EJeezlfPhqn4iiqbkI30Exf4PJu/Pj0bm3x/qTvmyBJuNgnokX8O1kRtw
         C1a6pwoWKXiL6SC5KxOehq9dwW94b0CBKkPcFhF7UXMIsf4gVLXDjCIstZGrRuDguOna
         TSH9gbcgA6R6Rx6RqhX41oQL8d4ueTmAjTuIBq7gMOLKNRNtakY26mtFRdSb0h+iTns+
         S0PaCu9acCzczI5Qc+t8J1C9l5qlJKW74Z3dMf3NvHnSLvdcZ/8hwyBu/bnKQ6mRUYWo
         L3Bw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=rAiXQROA0qqkRb+JUBU+22E2nMTl//fAAwh/KSgRBlQ=;
        b=nquDg+4wuSRriY3AEDEyOObujFU4ju9f399o3stLtMyzhfZwzA3CMcCfCZFNq+sLbK
         Ce5TtDl3XLA/g0vcY1yrbLNBYVkRzHZUPHicGAIWTrFTHMl44fi+EHvbXk7KEVh0zvv6
         zp8ViUxloQ53wfIlIUvnHC5ZU1OXW55s3DfcBaouMFFsGcUsoQHexycUhKLbSy6jyL9g
         PDDLuPefMiJPLyRhiPU/yB5yrge5SrO+8TZlWOW7PRMyUgL6aubb1T086tYuQ+TWAd27
         P+PbYMra6yPf3jdZdT22Z8IHWShRKOcGPst8CZY46ao3qvoLeL5Kx9YhMz+AYfHu1Xhv
         DsMA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@umn.edu header.s=20160920 header.b=NgmsSQj+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 60si32423975pla.335.2019.04.28.22.51.53;
        Sun, 28 Apr 2019 22:52:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@umn.edu header.s=20160920 header.b=NgmsSQj+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727363AbfD2Fut (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Mon, 29 Apr 2019 01:50:49 -0400
Received: from mta-p4.oit.umn.edu ([134.84.196.204]:36024 "EHLO
        mta-p4.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725958AbfD2Fut (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Apr 2019 01:50:49 -0400
Received: from localhost (localhost [127.0.0.1])
        by mta-p4.oit.umn.edu (Postfix) with ESMTP id 03B825F5
        for <linux-kernel@vger.kernel.org>; Mon, 29 Apr 2019 05:50:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=umn.edu; h=
        content-type:content-type:subject:subject:message-id:date:date
        :from:from:in-reply-to:references:mime-version:received:received
        :received; s=20160920; t=1556517047; x=1558331448; bh=rAiXQROA0q
        qkRb+JUBU+22E2nMTl//fAAwh/KSgRBlQ=; b=NgmsSQj+NDhdaOeDwfN96qrtGO
        YgmzIlwoFF35mGb6MBjCKYwkfMZ49Pf/Yk/JCmc3YcwCdtm25xeFtay/z+8+PWsz
        iz7oxFStTR9fFBRP7lXpSbFC2mLsTVkwpyKWepmqFuavdW1rWsJerc4/ghwWyQVp
        zkKC7FKGKlvW4vj6QdTwS7kl83JqhLZLqyDKbp1hlMNNf1lehJq47T9EZ0Medck+
        yT+TMAju6ReW8iQmIhu/DGI2EkR+X65HQBo0PDnxpx6hQlY5jNiAbg6DMtnW/3ET
        6WXmwlqU+8jmVLe4Ld+bMp2eVcK7P1t9xMpFc4o7kEgJsXSHPrrHfBHDD2qA==
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p4.oit.umn.edu ([127.0.0.1])
        by localhost (mta-p4.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id wiRI6Fw9LwLy for <linux-kernel@vger.kernel.org>;
        Mon, 29 Apr 2019 00:50:47 -0500 (CDT)
Received: from mail-io1-f42.google.com (mail-io1-f42.google.com [209.85.166.42])
        (using TLSv1 with cipher AES128-SHA (128/128 bits))
        (No client certificate requested)
        (Authenticated sender: wang6495)
        by mta-p4.oit.umn.edu (Postfix) with ESMTPSA id B90345D6
        for <linux-kernel@vger.kernel.org>; Mon, 29 Apr 2019 00:50:47 -0500 (CDT)
Received: by mail-io1-f42.google.com with SMTP id d19so7940932ioc.3
        for <linux-kernel@vger.kernel.org>; Sun, 28 Apr 2019 22:50:47 -0700 (PDT)
X-Gm-Message-State: APjAAAVPTtGeferHiJNx++CQKEg6zHU7N1MDCZPX6Z/R5aKvDlJI3K/3
        z+nnvGjo5dQXMgWNzEUoSDDlM5Tm9nYy/KnJFH8=
X-Received: by 2002:a6b:720b:: with SMTP id n11mr8328414ioc.281.1556517047489;
 Sun, 28 Apr 2019 22:50:47 -0700 (PDT)
MIME-Version: 1.0
References: <1556433754-3291-1-git-send-email-wang6495@umn.edu>
 <s5hd0l6mwbz.wl-tiwai@suse.de> <s5ha7g9l6ea.wl-tiwai@suse.de>
In-Reply-To: <s5ha7g9l6ea.wl-tiwai@suse.de>
From:   Wenwen Wang <wang6495@umn.edu>
Date:   Mon, 29 Apr 2019 00:50:11 -0500
X-Gmail-Original-Message-ID: <CAAa=b7f7MMJ=2PBxz8yYM6u2SX7T2-YnC37gbapc1f9HOPQdeA@mail.gmail.com>
Message-ID: <CAAa=b7f7MMJ=2PBxz8yYM6u2SX7T2-YnC37gbapc1f9HOPQdeA@mail.gmail.com>
Subject: Re: [PATCH] ALSA: usx2y: fix a memory leak bug
To:     Takashi Iwai <tiwai@suse.de>
Cc:     "moderated list:SOUND" <alsa-devel@alsa-project.org>,
        Kees Cook <keescook@chromium.org>,
        Jaroslav Kysela <perex@perex.cz>,
        open list <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 29, 2019 at 12:36 AM Takashi Iwai <tiwai@suse.de> wrote:
>
> On Sun, 28 Apr 2019 09:18:40 +0200,
> Takashi Iwai wrote:
> >
> > On Sun, 28 Apr 2019 08:42:32 +0200,
> > Wenwen Wang wrote:
> > >
> > > In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
> > > and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
> > > kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
> > > sanity check is performed for the endpoint in the urb by invoking
> > > usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
> > > returned. In that case, however, the created urb and the allocated buffer
> > > are not freed, leading to memory leaks.
> > >
> > > To fix the above issue, free the urb and the buffer if the check fails.
> > >
> > > Signed-off-by: Wenwen Wang <wang6495@umn.edu>
> >
> > Applied now, thanks.
>
> ... and looking at the code again, this patch turned out to be wrong.
> The in04 urb and transfer buffer are freed at card->private_free
> callback (snd_usX2Y_card_private_free()) later, so this patch would
> lead to double-free.

Thanks for your comment! Does that mean we should remove
usb_free_urb() in the if statement of allocating 'usX2Y->In04Buf',
because it may also lead to double free?

Wenwen