2012-09-02 13:21:47

by Wei Yongjun

[permalink] [raw]
Subject: [PATCH] NFC: fix possible memory leak

From: Wei Yongjun <[email protected]>

nfc_llcp_build_tlv() malloced the memory and should be free in
nfc_llcp_build_gb() after used, and the same in the error handling
case, otherwise it will cause memory leak.

spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <[email protected]>
---
net/nfc/llcp/llcp.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index 82f0f75..8152973 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -426,6 +426,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
u8 *miux_tlv, miux_length;
__be16 miux;
u8 gb_len = 0;
+ int ret = 0;

version = LLCP_VERSION_11;
version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version,
@@ -450,8 +451,8 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
gb_len += ARRAY_SIZE(llcp_magic);

if (gb_len > NFC_MAX_GT_LEN) {
- kfree(version_tlv);
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
}

gb_cur = local->gb;
@@ -471,12 +472,15 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
memcpy(gb_cur, miux_tlv, miux_length);
gb_cur += miux_length;

+ local->gb_len = gb_len;
+
+out:
kfree(version_tlv);
kfree(lto_tlv);
+ kfree(wks_tlv);
+ kfree(miux_tlv);

- local->gb_len = gb_len;
-
- return 0;
+ return ret;
}

u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)




2012-09-07 17:01:25

by Samuel Ortiz

[permalink] [raw]
Subject: Re: [PATCH] NFC: fix possible memory leak

Hi Wei,

On Sun, Sep 02, 2012 at 09:21:46PM +0800, Wei Yongjun wrote:
> From: Wei Yongjun <[email protected]>
>
> nfc_llcp_build_tlv() malloced the memory and should be free in
> nfc_llcp_build_gb() after used, and the same in the error handling
> case, otherwise it will cause memory leak.
>
> spatch with a semantic match is used to found this problem.
> (http://coccinelle.lip6.fr/)
>
> Signed-off-by: Wei Yongjun <[email protected]>
> ---
> net/nfc/llcp/llcp.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
Patch applied, thanks.

Cheers,
Samuel.

--
Intel Open Source Technology Centre
http://oss.intel.com/