Re: [CHECKER] 32 Memory Leaks on Error Paths

From: Chris Wright
Date: Tue Sep 23 2003 - 15:15:16 EST


* David Yu Chen (dychen@xxxxxxxxxxxx) wrote:
> Leaks if devices == 0 ? Error_end only frees mdevs if (devices > 0),
> but for mdevs=kmalloc(0), the slab allocator may still actually return memory
> [FILE: 2.6.0-test5/drivers/usb/class/usb-midi.c]
> [FUNC: alloc_usb_midi_device]
> [LINES: 1621-1772]
> [VAR: mdevs]
> 1616: devices = inDevs > outDevs ? inDevs : outDevs;
> 1617: devices = maxdevices > devices ? devices : maxdevices;
> 1618:
> 1619: /* obtain space for device name (iProduct) if not known. */
> 1620: if ( ! u->deviceName ) {
> START -->
> 1621: mdevs = (struct usb_mididev **)
> 1622: kmalloc(sizeof(struct usb_mididevs *)*devices
> 1623: + sizeof(char) * 256, GFP_KERNEL);
<snip>
> GOTO -->
> 1715: goto error_end;
<snip>
> END -->
> 1772: return -ENOMEM;
> [FILE: 2.6.0-test5/drivers/usb/class/usb-midi.c]
> START -->
> 1625: mdevs = (struct usb_mididev **)
> 1626: kmalloc(sizeof(struct usb_mididevs *)*devices, GFP_KERNEL);
<snip>
> GOTO -->
> 1715: goto error_end;
<snip>
> END -->
> 1772: return -ENOMEM;

Yes, these are bugs. Patch below. Greg, this look ok?

thanks,
-chris

===== drivers/usb/class/usb-midi.c 1.22 vs edited =====
--- 1.22/drivers/usb/class/usb-midi.c Tue Sep 2 11:40:27 2003
+++ edited/drivers/usb/class/usb-midi.c Tue Sep 23 11:36:03 2003
@@ -1750,7 +1750,7 @@
return 0;

error_end:
- if ( mdevs != NULL && devices > 0 ) {
+ if ( mdevs != NULL ) {
for ( i=0 ; i<devices ; i++ ) {
if ( mdevs[i] != NULL ) {
unregister_sound_midi( mdevs[i]->dev_midi );
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/