On Sun, May 05, 2013 at 01:30:05PM +0100, Federico Schwindt wrote:
>
> there are more cases in mfi_bio_getitall() where the second allocated cfg
> (ld_det as well) might not be freed if something goes wrong.
>
> f.-
Well, there is one more case, and then after that sc->sc_cfg is set
to cfg, so we shouldn't leak anything else?
Index: mfi.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/mfi.c,v
retrieving revision 1.144
diff -u -p -r1.144 mfi.c
--- mfi.c 3 May 2013 02:46:28 -0000 1.144
+++ mfi.c 7 May 2013 02:00:01 -0000
@@ -1470,8 +1470,10 @@ mfi_bio_getitall(struct mfi_softc *sc)
if (cfg == NULL)
goto done;
if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, sizeof *cfg, cfg,
- NULL))
+ NULL)) {
+ free(cfg, M_DEVBUF);
goto done;
+ }
size = cfg->mfc_size;
free(cfg, M_DEVBUF);
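Review bot: size = cfg->mfc_size, right after the new error branch, comes straight from the buffer the controller filled and nothing in the visible lines bounds it before it is passed to the second malloc(size, ...) and mfi_mgmt(..., size, cfg, NULL). Consider rejecting a value smaller than sizeof *cfg (and an implausibly large one) before freeing the first cfg, so that later reads of the structure's fields cannot run past a short allocation. The added free(cfg, M_DEVBUF) before goto done is itself fine, since cfg has not been stored anywhere at this point.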
@@ -1480,8 +1482,10 @@ mfi_bio_getitall(struct mfi_softc *sc)
cfg = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
if (cfg == NULL)
goto done;
- if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, size, cfg, NULL))
+ if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, size, cfg, NULL)) {
+ free(cfg, M_DEVBUF);
goto done;
+ }
/* replace current pointer with enw one */
if (sc->sc_cfg)
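Review bot: the error branch on the second mfi_mgmt() call repeats the same free(cfg, M_DEVBUF); goto done; pair as the first hunk, which is how the original leak got in (one exit path forgot the free). A dedicated error label that frees cfg, used by both branches, would keep the cleanup in one place; that only works for exits before the sc->sc_cfg replacement that follows, because after that point the softc owns the buffer. Federico's mail also names ld_det as a possible leak, and the visible part of this diff does not touch it, so it is worth confirming the later exits free it. While here, the context comment "enw one" could be corrected to "new one".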