3.2.77-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Alexey Khoroshilov <[email protected]>

commit 090c65b694c362adb19ec9c27de216a808ee443c upstream.

1. usbvision->alt_max_pkt_size is not deallocated anywhere.
2. if allocation of usbvision->alt_max_pkt_size fails,
there is no proper deallocation of already acquired resources.
The patch adds kfree(usbvision->alt_max_pkt_size) to
usbvision_release() as soon as other deallocations happen there.
It calls usbvision_release() if allocation of
usbvision->alt_max_pkt_size fails as soon as usbvision_release()
is safe to work with incompletely initialized usbvision structure.
Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
[bwh: Backported to 3.2: adjust filename]
Signed-off-by: Ben Hutchings <[email protected]>
---
 drivers/media/video/usbvision/usbvision-video.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/media/video/usbvision/usbvision-video.c
+++ b/drivers/media/video/usbvision/usbvision-video.c
@@ -1425,6 +1425,7 @@ static void usbvision_release(struct usb
 
        usbvision_remove_sysfs(usbvision->vdev);
        usbvision_unregister_video(usbvision);
+       kfree(usbvision->alt_max_pkt_size);
 
        usb_free_urb(usbvision->ctrl_urb);
 
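Review bot: the calls that need checking in usbvision_release() are the two context lines above the added kfree(), usbvision_remove_sysfs(usbvision->vdev) and usbvision_unregister_video(usbvision). With the second hunk, usbvision_release() is also reached from the probe failure path, so both now run against a structure that probe has not finished setting up. The kfree() itself is fine there, since kfree(NULL) is a no-op. The commit message states that the release function is safe on an incompletely initialized structure. A one-line comment above usbvision_release() recording that guarantee would keep later changes to the function from breaking the probe error path.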
@@ -1540,6 +1541,7 @@ static int __devinit usbvision_probe(str
        usbvision->alt_max_pkt_size = kmalloc(32 * usbvision->num_alt, 
GFP_KERNEL);
        if (usbvision->alt_max_pkt_size == NULL) {
                dev_err(&intf->dev, "usbvision: out of memory!\n");
+               usbvision_release(usbvision);
                return -ENOMEM;
        }
 
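Review bot: the size expression in the context line, kmalloc(32 * usbvision->num_alt, GFP_KERNEL), uses a bare constant 32 and an unchecked multiplication. This patch only repairs the failure branch, which is correct as far as it goes, but the allocation feeding that branch deserves a follow-up: take the element size from sizeof(*usbvision->alt_max_pkt_size) or a named constant, and make sure num_alt is bounded before it is multiplied. Separately, that kmalloc context line is wrapped onto two lines as mailed (GFP_KERNEL); starts a new line), so the hunk will not apply as it stands and should be resent unwrapped.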
