prism2_config() kfree's twice if kmalloc fails.
Coverity bug #930
Signed-off-by: Eugene Teo <[email protected]>
--- linux-2.6/drivers/net/wireless/hostap/hostap_cs.c~ 2006-03-15 10:05:36.000000000 +0800
+++ linux-2.6/drivers/net/wireless/hostap/hostap_cs.c 2006-03-15 10:24:53.000000000 +0800
@@ -585,8 +585,6 @@
parse = kmalloc(sizeof(cisparse_t), GFP_KERNEL);
hw_priv = kmalloc(sizeof(*hw_priv), GFP_KERNEL);
if (parse == NULL || hw_priv == NULL) {
- kfree(parse);
- kfree(hw_priv);
ret = -ENOMEM;
goto failed;
}
@@ -783,8 +781,10 @@
cs_error(link->handle, last_fn, last_ret);
failed:
- kfree(parse);
- kfree(hw_priv);
+ if (parse)
+ kfree(parse);
+ if (hw_priv)
+ kfree(hw_priv);
prism2_release((u_long)link);
return ret;
}
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Hi Eugene,
Eugene Teo wrote:
> failed:
>- kfree(parse);
>- kfree(hw_priv);
>+ if (parse)
>+ kfree(parse);
>+ if (hw_priv)
>+ kfree(hw_priv);
> prism2_release((u_long)link);
> return ret;
> }
>
>
I don't think those if's are needed, since the kfree code already does:
void kfree(const void *objp)
{
if (unlikely(!objp))
return;
...
}
But if you really want to use it, I suggest using if (likely
(!<pointer>)) there to hint gcc of a possible optimization.
Cheers,
Felipe Damasio
On Wed, Mar 15, 2006 at 10:39:00AM +0800, Eugene Teo wrote:
> prism2_config() kfree's twice if kmalloc fails.
>
> Coverity bug #930
Thanks. I'm going through the issues related to Host AP driver in
Coverity database and send a set of patches after some testing.
> --- linux-2.6/drivers/net/wireless/hostap/hostap_cs.c~ 2006-03-15 10:05:36.000000000 +0800
> +++ linux-2.6/drivers/net/wireless/hostap/hostap_cs.c 2006-03-15 10:24:53.000000000 +0800
> @@ -585,8 +585,6 @@
> parse = kmalloc(sizeof(cisparse_t), GFP_KERNEL);
> hw_priv = kmalloc(sizeof(*hw_priv), GFP_KERNEL);
> if (parse == NULL || hw_priv == NULL) {
> - kfree(parse);
> - kfree(hw_priv);
> ret = -ENOMEM;
> goto failed;
> }
This is a valid fix..
> @@ -783,8 +781,10 @@
> cs_error(link->handle, last_fn, last_ret);
>
> failed:
> - kfree(parse);
> - kfree(hw_priv);
> + if (parse)
> + kfree(parse);
> + if (hw_priv)
> + kfree(hw_priv);
> prism2_release((u_long)link);
> return ret;
.. but this is not.
--
Jouni Malinen PGP id EFC895FA
<quote sender="Felipe W Damasio">
> Eugene Teo wrote:
>
> > failed:
> >- kfree(parse);
> >- kfree(hw_priv);
> >+ if (parse)
> >+ kfree(parse);
> >+ if (hw_priv)
> >+ kfree(hw_priv);
>
> I don't think those if's are needed, since the kfree code already does:
>
> void kfree(const void *objp)
> {
> if (unlikely(!objp))
> return;
> ...
> }
>
> But if you really want to use it, I suggest using if (likely
> (!<pointer>)) there to hint gcc of a possible optimization.
Ah, thanks for the tip.
Eugene
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
<quote sender="Jouni Malinen">
> On Wed, Mar 15, 2006 at 10:39:00AM +0800, Eugene Teo wrote:
> > prism2_config() kfree's twice if kmalloc fails.
> >
> > Coverity bug #930
>
> Thanks. I'm going through the issues related to Host AP driver in
> Coverity database and send a set of patches after some testing.
Ok, here's a resend. Thanks.
Eugene
--
prism2_config() kfree's twice if kmalloc fails.
Coverity bug #930
Signed-off-by: Eugene Teo <[email protected]>
--- linux-2.6/drivers/net/wireless/hostap/hostap_cs.c~ 2006-03-15 10:05:36.000000000 +0800
+++ linux-2.6/drivers/net/wireless/hostap/hostap_cs.c 2006-03-15 14:38:54.000000000 +0800
@@ -585,8 +585,6 @@
parse = kmalloc(sizeof(cisparse_t), GFP_KERNEL);
hw_priv = kmalloc(sizeof(*hw_priv), GFP_KERNEL);
if (parse == NULL || hw_priv == NULL) {
- kfree(parse);
- kfree(hw_priv);
ret = -ENOMEM;
goto failed;
}
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }