Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3331135yba; Sun, 28 Apr 2019 23:44:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqzlgOQm4i9r++ypJA0oF4Cjmv+SsuxG5O0P5RrjCbTt1gO7m2a6QdW2ns5ptRZXtkk6CuR8 X-Received: by 2002:aa7:81cf:: with SMTP id c15mr10046020pfn.23.1556520262116; Sun, 28 Apr 2019 23:44:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556520262; cv=none; d=google.com; s=arc-20160816; b=z3Gj5FNf8w6bG+tw7VBjZB6w4qPkzelwzAkjlEx5GXCLOa0ja3T8dyCJBjYgW21Hmu Z0TvCT85JAvFIcyrpDJIs+cfTN3fRW4HWnrAgplNK+m46StCEEFDaMXM6N68f7jYv5Jc jpupzAnuwfeDlUMreQW4mAZOu/21GCMDwe3d/nhYSv5+M0e9n6jHxUaCIyA3jKWBZLNZ IlOSHZtVCwBaIjhcPkbmxBp1QXtrgeEbFnTr4ElMvf9p9X5tUPPEMAF3A6u066ZDlmEZ R7DaF0D4S90iwP0C+8VEOqJFkRzibk1aet3bQXlr6k1B2F5SnBC6LPIB72w6IWQYGVKh q7pA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:subject:cc:to:from:message-id:date; bh=HaT0CWZf/ohV9WnAIkef0iKd1yb/+VQY4F+MouJTjDY=; b=lRQ80RsFzblSRIK2s8wp2H+U+kqkK5sdQ6/uMd5Ox7XlCfVpJ/0tSSUIjio/W4e6Gq POHDVOXVQ1nmXC3Q2lQk2cRH6bjWSERz1A92EWxFgbHOuy9BtSRGQ5wtgRl0z73SMBFG JH53mEuCOPZYK+g5VDIwvvU1DcGjRlMjdcLivQE7cwFzW8+bg07zLM4zK2ZYsYNzSExo uFNuOyOa9DODk4gkFtsS7zBVwR9sVGyTgLzg0AtuE6sNSs9HYrnVMAv0msAuaH6rrwh1 9hmOWIf7hvaHolCUz/E/w6JLJOy1SW7sfVuZZan/ACSyi7lCmJe/45ATJz/KvpA2mPZr YLGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h7si30071741pgj.363.2019.04.28.23.44.07; Sun, 28 Apr 2019 23:44:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727484AbfD2Gmb (ORCPT + 99 others); Mon, 29 Apr 2019 02:42:31 -0400 Received: from mx2.suse.de ([195.135.220.15]:52612 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727380AbfD2Gmb (ORCPT ); Mon, 29 Apr 2019 02:42:31 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 5E7E2AE31; Mon, 29 Apr 2019 06:42:30 +0000 (UTC) Date: Mon, 29 Apr 2019 08:42:29 +0200 Message-ID: From: Takashi Iwai To: Wenwen Wang Cc: "moderated list:SOUND" , Kees Cook , Jaroslav Kysela , open list Subject: Re: [PATCH] ALSA: usx2y: fix a memory leak bug In-Reply-To: References: <1556433754-3291-1-git-send-email-wang6495@umn.edu> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 29 Apr 2019 07:50:11 +0200, Wenwen Wang wrote: > > On Mon, Apr 29, 2019 at 12:36 AM Takashi Iwai wrote: > > > > On Sun, 28 Apr 2019 09:18:40 +0200, > > Takashi Iwai wrote: > > > > > > On Sun, 28 Apr 2019 08:42:32 +0200, > > > Wenwen Wang wrote: > > > > > > > > In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb() > > > > and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through > > > > kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a > > > > sanity check is performed for the endpoint in the urb by invoking > > > > usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be > > > > returned. In that case, however, the created urb and the allocated buffer > > > > are not freed, leading to memory leaks. > > > > > > > > To fix the above issue, free the urb and the buffer if the check fails. > > > > > > > > Signed-off-by: Wenwen Wang > > > > > > Applied now, thanks. > > > > ... and looking at the code again, this patch turned out to be wrong. > > The in04 urb and transfer buffer are freed at card->private_free > > callback (snd_usX2Y_card_private_free()) later, so this patch would > > lead to double-free. > > Thanks for your comment! Does that mean we should remove > usb_free_urb() in the if statement of allocating 'usX2Y->In04Buf', > because it may also lead to double free? Yes, that's another superfluous code. Takashi