Am Mittwoch, 9. Januar 2008 10:39:11 schrieb Brandon Philips:
> > > --- uvc.orig/uvc_driver.c
> > > +++ uvc/uvc_driver.c
> > > @@ -678,8 +678,10 @@ static int uvc_parse_streaming(struct uv
> > > format->frame = frame;
> > > ret = uvc_parse_format(dev, streaming, format,
> > > &interval, buffer, buflen);
> > > - if (ret < 0)
> > > + if (ret < 0) {
> > > + kfree(format);
> > > return ret;
> > > + }
> >
> > Are you sure about this ? format is freed in uvc_delete().
>
> Yes, this is unnecessary. Do you need me to resubmit?
How is this supposed to be freed?
uvc_parse_streaming() stores a pointer to format in streaming:
format = kzalloc(size, GFP_KERNEL);
if (format == NULL)
return -ENOMEM;
frame = (struct uvc_frame*)&format[nformats];
interval = (__u32*)&frame[nframes];
streaming->format = format;
streaming->nformats = nformats;
If uvc_parse_streaming() returns an error to the caller:
if (uvc_parse_streaming(dev, streaming) < 0) {
usb_put_intf(intf);
kfree(streaming);
continue;
}
list_add_tail(&streaming->list,
&dev->streaming);
streaming is freed and the addition to the list skipped. So uvc_delete()
walks the list, but it won't find the entry. This looks like a memory leak to
me.
Regards
Oliver
_______________________________________________
Linux-uvc-devel mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/linux-uvc-devel
