Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp497144pxb; Wed, 22 Sep 2021 06:54:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwmaG/I7m5qMC/PLOtVDYmkRVUSaVO6dwB61R3xGEBPRRVlnM2AVRp6/+YeQFkSnHMtU75/ X-Received: by 2002:a17:906:a012:: with SMTP id p18mr42276173ejy.331.1632318862215; Wed, 22 Sep 2021 06:54:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632318862; cv=none; d=google.com; s=arc-20160816; b=JrN87npNXrn0kKI3Xt0hH4D4LCB5+qHgJL8MvEwKtODXBSaA7uF2dDq9oA6yIP2r8h U7rVfizwfi1Y95korKoz3l9OKT4FbwO7goUcRDFWO2L+rjHMqUYmng6pAo1Es9KzQJNQ 5g6yqGTsFAN9yTAppWtJX8Ebcc4rhctHhqlQEPP2ujA5EZzICItPYVJgCuZBcuXnCU9O 4VKSv01nklaOzlULLcKQoihAbxA12sJkEEWCSg1ujE91Fs0NBICAE8XckUToEdtZjzcb BPcp3sP5wlo4ncUslgIZi5M0iDWYzKBnk17kRJzTO3PZfdrarxRRjs1m7KPHls/mdsZP muTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=PYAx5f2kK3jenJObcCwTBa3GNhmO4X872v7Sll3PYbc=; b=Yr7V4752g8sUuW75E77q6qvnigelcfm09na5mjo6EZpzy4o3v2sh7bBbMP22u8qzC7 CQWFK8KF8emXB9HQAUmOarUfMXQhmLU6OrClFxqdAyv/HhRBUstk1/c3vE0VTqykE4If Nctkp5zDsZw199xiYmr/1FjeKCYGlAYbQ9qcuJAawHzF+9pgheV56lXh7aI2hCar5yNI zAYNtKJA4UD8Nbl+oPjO/jhqBkpAC0mfWZGy23Kmg/KrlFGUpfw851+/11f3jvRwNLfp CWvleV0XLTXcSOnNM4FC1Ak4Dl935MjKoITvTFkZyGh8o+yErpFSoRKR6TSbx1KzRsJH X3BA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x16si3537499edd.401.2021.09.22.06.53.40; Wed, 22 Sep 2021 06:54:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232243AbhIVNx0 (ORCPT + 99 others); Wed, 22 Sep 2021 09:53:26 -0400 Received: from mail.zju.edu.cn ([61.164.42.155]:37198 "EHLO zju.edu.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S232213AbhIVNx0 (ORCPT ); Wed, 22 Sep 2021 09:53:26 -0400 Received: from localhost.localdomain (unknown [10.192.168.152]) by mail-app3 (Coremail) with SMTP id cC_KCgC3t2x8NEthnTqKBQ--.42479S4; Wed, 22 Sep 2021 21:49:53 +0800 (CST) From: Dinghao Liu To: dinghao.liu@zju.edu.cn Cc: Sean Wang , Marcel Holtmann , Johan Hedberg , Luiz Augusto von Dentz , Matthias Brugger , linux-bluetooth@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH] Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync Date: Wed, 22 Sep 2021 21:49:45 +0800 Message-Id: <20210922134945.27503-1-dinghao.liu@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: cC_KCgC3t2x8NEthnTqKBQ--.42479S4 X-Coremail-Antispam: 1UD129KBjvJXoW7Cr1kAw17trWxZr1rCw18AFb_yoW8AFW5pF Wqg3Z8ZrWUtr4fZr9Iya1fXayrAa1SqrWjg3yrC3s5Gr4YyrZ5JF1Fka4jqrWakrZ7Jw42 yF1ktrZ5Ca4UurJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUvm1xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AE w4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2 IY67AKxVWDJVCq3wA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVW8Jr0_Cr1UM28EF7xvwVC2 z280aVAFwI0_GcCE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcV Aq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1j 6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64 vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4IIrI8v6xkF7I0E8cxan2IY04v7MxAIw28I cxkI7VAKI48JMxAIw28IcVCjz48v1sIEY20_GFWkJr1UJwCFx2IqxVCFs4IE7xkEbVWUJV W8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF 1VAFwI0_Jw0_GFylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6x IIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvE x4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_GrUvcSsGvfC2KfnxnU UI43ZEXa7VUbXdbUUUUUU== X-CM-SenderInfo: qrrzjiaqtzq6lmxovvfxof0/1tbiAg0OBlZdtV6LsAAVsJ Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org bdev->evt_skb will get freed in the normal path and one error path of mtk_hci_wmt_sync, while the other error paths do not free it, which may cause a memleak. This bug is suggested by a static analysis tool, please advise. Fixes: e0b67035a90b ("Bluetooth: mediatek: update the common setup between MT7622 and other devices") Signed-off-by: Dinghao Liu --- drivers/bluetooth/btmtkuart.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btmtkuart.c b/drivers/bluetooth/btmtkuart.c index e9d91d7c0db4..9ba22b13b4fa 100644 --- a/drivers/bluetooth/btmtkuart.c +++ b/drivers/bluetooth/btmtkuart.c @@ -158,8 +158,10 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, int err; hlen = sizeof(*hdr) + wmt_params->dlen; - if (hlen > 255) - return -EINVAL; + if (hlen > 255) { + err = -EINVAL; + goto err_free_skb; + } hdr = (struct mtk_wmt_hdr *)&wc; hdr->dir = 1; @@ -173,7 +175,7 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc); if (err < 0) { clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return err; + goto err_free_skb; } /* The vendor specific WMT commands are all answered by a vendor @@ -190,13 +192,14 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, if (err == -EINTR) { bt_dev_err(hdev, "Execution of wmt command interrupted"); clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return err; + goto err_free_skb; } if (err) { bt_dev_err(hdev, "Execution of wmt command timed out"); clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return -ETIMEDOUT; + err = -ETIMEDOUT; + goto err_free_skb; } /* Parse and handle the return WMT event */ -- 2.17.1