In iso_packets_buffer_init(), 'b->packets' is allocated through
kmalloc_array(). Then, the aligned packet size is checked. If it is
larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
However, the allocated 'b->packets' is not deallocated on this path,
leading to a memory leak.

To fix the above issue, free 'b->packets' before returning the error code.

Signed-off-by: Wenwen Wang <[email protected]>
---
sound/firewire/packets-buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/firewire/packets-buffer.c b/sound/firewire/packets-buffer.c
index 0d35359..0ecafd0 100644
--- a/sound/firewire/packets-buffer.c
+++ b/sound/firewire/packets-buffer.c
@@ -37,7 +37,7 @@ int iso_packets_buffer_init(struct iso_packets_buffer *b, struct fw_unit *unit,
packets_per_page = PAGE_SIZE / packet_size;
if (WARN_ON(!packets_per_page)) {
err = -EINVAL;
- goto error;
+ goto err_packets;
}
pages = DIV_ROUND_UP(count, packets_per_page);
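Review bot: the new `goto err_packets;` in the `WARN_ON(!packets_per_page)` branch jumps to a label that lies outside the context shown, so the hunk alone does not show what that label releases. Before merging, confirm that `err_packets` does nothing more than free `b->packets` and then fall through to `error`. At this point the function has not yet reached `pages = DIV_ROUND_UP(count, packets_per_page);`, so any page-buffer cleanup under that label would run on state that was never set up. The commit message should also carry a Fixes: tag and a stable Cc, which the review reply in this thread supplies.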
--
2.7.4
Hi,

On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> In iso_packets_buffer_init(), 'b->packets' is allocated through
> kmalloc_array(). Then, the aligned packet size is checked. If it is
> larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> However, the allocated 'b->packets' is not deallocated on this path,
> leading to a memory leak.
>
> To fix the above issue, free 'b->packets' before returning the error code.
>
> Signed-off-by: Wenwen Wang <[email protected]>
> ---
> sound/firewire/packets-buffer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Takashi Sakamoto <[email protected]>

And this bug exists till its first commit for v2.6.39.

Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
Cc: <[email protected]> # v2.6.39+

Thanks

Takashi Sakamoto

On Thu, 08 Aug 2019 11:04:03 +0200,
Takashi Sakamoto wrote:
>
> Hi,
>
> On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> > In iso_packets_buffer_init(), 'b->packets' is allocated through
> > kmalloc_array(). Then, the aligned packet size is checked. If it is
> > larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> > However, the allocated 'b->packets' is not deallocated on this path,
> > leading to a memory leak.
> >
> > To fix the above issue, free 'b->packets' before returning the error code.
> >
> > Signed-off-by: Wenwen Wang <[email protected]>
> > ---
> > sound/firewire/packets-buffer.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Reviewed-by: Takashi Sakamoto <[email protected]>
>
> And this bug exists till its first commit for v2.6.39.
>
> Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
> Cc: <[email protected]> # v2.6.39+

Applied, thanks.

Takashi