2013-11-15 12:00:17

by Geyslan G. Bem

Subject: [PATCH] brcmfmac: fix possible memory leak

In case of error free 'chanspecs'.

Signed-off-by: Geyslan G. Bem <[email protected]>
---
drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index d7a9745..aea2c2e 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -771,7 +771,7 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
struct brcmf_cfg80211_vif *vif;
struct net_device *dev = NULL;
int i, num_nodfs = 0;
- u16 *chanspecs;
+ u16 *chanspecs = NULL;

brcmf_dbg(TRACE, "enter\n");

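Review bot: the `= NULL` initializer on `chanspecs` is only there to make the `kfree(chanspecs)` added at `exit:` safe on any path that reaches the label before the buffer is allocated, and the changelog does not say so. State that dependency in the commit message, or free the buffer next to its use so the initializer is not needed.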
@@ -825,8 +825,10 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
action, P2PAPI_BSSCFG_DEVICE);
}
exit:
- if (err)
+ if (err) {
brcmf_err("error (%d)\n", err);
+ kfree(chanspecs);
+ }
return err;
}

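Review bot: `kfree(chanspecs)` sits inside the `if (err)` block at `exit:`, so the buffer is released only when the function fails; when `err` is 0 the function returns without freeing it. Unless the callee takes ownership of the buffer, move the `kfree()` out of the conditional so every exit path releases it (`kfree(NULL)` is a no-op, so the NULL initializer keeps that safe), and name the leaking path in the commit message.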
--
1.8.4.2



2013-11-15 12:13:47

by Hante Meuleman

Subject: RE: [PATCH] brcmfmac: fix possible memory leak

Good find, wrong solution. The chanspecs is a temporary variable which should be freed when exiting the function, not only when there is an error. I personally would have preferred just a free at the end of the "if (request->n_channels) {". So something like this:

}
err = brcmf_p2p_escan(p2p, num_nodfs, chanspecs, search_state,
action, P2PAPI_BSSCFG_DEVICE);
+ kfree(chanspecs);
}

In this case the pointer doesn't have to be initialized to NULL.


Regards,
Hante

-----Original Message-----
From: Geyslan G. Bem [mailto:[email protected]]
Sent: Friday 15 November 2013 12:54
To: [email protected]
Cc: Brett Rudley; Arend Van Spriel; Franky Lin; Hante Meuleman; John W. Linville; Pieter-Paul Giesberts; Piotr Haber; [email protected]; brcm80211-dev-list; [email protected]; [email protected]
Subject: [PATCH] brcmfmac: fix possible memory leak

In case of error free 'chanspecs'.

Signed-off-by: Geyslan G. Bem <[email protected]>
---
drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index d7a9745..aea2c2e 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -771,7 +771,7 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
struct brcmf_cfg80211_vif *vif;
struct net_device *dev = NULL;
int i, num_nodfs = 0;
- u16 *chanspecs;
+ u16 *chanspecs = NULL;

brcmf_dbg(TRACE, "enter\n");

@@ -825,8 +825,10 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
action, P2PAPI_BSSCFG_DEVICE);
}
exit:
- if (err)
+ if (err) {
brcmf_err("error (%d)\n", err);
+ kfree(chanspecs);
+ }
return err;
}

--
1.8.4.2
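
The difference between the two placements discussed in this thread, as an added userspace example that is not code from the thread or the driver. All function names are hypothetical, `calloc`/`free` stand in for the kernel allocator, and the scan call is assumed not to keep the pointer, as the reply describes the buffer as temporary.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

static int live_allocs; /* buffers not yet freed; kept by the hypothetical wrappers below */
static void *counted_alloc(size_t n, size_t size)
{
    void *p = calloc(n, size);
    live_allocs += (p != NULL);
    return p;
}
static void counted_free(void *p) { live_allocs -= (p != NULL); free(p); }

/* Shape of the posted patch: freed only under "if (err)" on the way out. */
static int free_on_error(int n_channels, int scan_result)
{
    uint16_t *chanspecs = NULL;
    int err = 0;
    if (n_channels) {
        chanspecs = counted_alloc(n_channels, sizeof(*chanspecs));
        err = chanspecs ? scan_result : -ENOMEM; /* stand-in for the scan call */
    }
    if (err)
        counted_free(chanspecs);
    return err;
}

/* Shape of the reply's suggestion: freed right after its only use. */
static int free_after_use(int n_channels, int scan_result)
{
    uint16_t *chanspecs;
    int err = 0;
    if (n_channels) {
        chanspecs = counted_alloc(n_channels, sizeof(*chanspecs));
        err = chanspecs ? scan_result : -ENOMEM; /* stand-in for the scan call */
        counted_free(chanspecs);
    }
    return err;
}

/* Buffers still outstanding after one successful and one failing scan. */
static int leaked_after(int (*scan)(int, int))
{
    live_allocs = 0;
    (void)scan(4, 0);    /* success path */
    (void)scan(4, -EIO); /* failure path */
    return live_allocs;
}

int main(void) { return leaked_after(free_on_error) != 1 || leaked_after(free_after_use) != 0; }
```

The first variant leaves one buffer outstanding for every successful scan, which is the path the reply points out.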