Hi Oliver,
On Thursday 10 January 2008, Oliver Neukum wrote:
> Am Mittwoch, 9. Januar 2008 10:39:11 schrieb Brandon Philips:
> > > > --- uvc.orig/uvc_driver.c
> > > > +++ uvc/uvc_driver.c
> > > > @@ -678,8 +678,10 @@ static int uvc_parse_streaming(struct uv
> > > > format->frame = frame;
> > > > ret = uvc_parse_format(dev, streaming, format,
> > > > &interval, buffer, buflen);
> > > > - if (ret < 0)
> > > > + if (ret < 0) {
> > > > + kfree(format);
> > > > return ret;
> > > > + }
> > >
> > > Are you sure about this ? format is freed in uvc_delete().
> >
> > Yes, this is unnecessary. Do you need me to resubmit?
>
> How is this supposed to be freed?
>
> uvc_parse_streaming() stores a pointer to format in streaming:
>
> format = kzalloc(size, GFP_KERNEL);
> if (format == NULL)
> return -ENOMEM;
>
> frame = (struct uvc_frame*)&format[nformats];
> interval = (__u32*)&frame[nframes];
>
> streaming->format = format;
> streaming->nformats = nformats;
>
> If uvc_parse_streaming() returns an error to the caller:
>
> if (uvc_parse_streaming(dev, streaming) < 0) {
> usb_put_intf(intf);
> kfree(streaming);
> continue;
> }
>
> list_add_tail(&streaming->list,
> &dev->streaming);
>
> streaming is freed and the addition to the list skipped. So uvc_delete()
> walks the list, but it won't find the entry. This looks like a memory leak
> to me.
You're right. My bad. Thanks for the report. I committed a fix.
Best regards,
Laurent Pinchart
_______________________________________________
Linux-uvc-devel mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/linux-uvc-devel
