by
this driver. Detected by Coverity - CID 144381.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
* rebased against staging-next - commit 09c3fbba (staging: rtl8188eu:
Remove 'u8 *pbuf' from struct recv_buf)
* fixed mua: no multipart, 7bit text/plain us-ascii
Function rtw_mp_pwrtrk() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - 1077715.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
Function rtw_mp_SetRFPath() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077714.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
is
safe. Detected by Coverity - CID 144373.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
* rebased against staging-next - commit 09c3fbba (staging: rtl8188eu:
Remove 'u8 *pbuf' from struct recv_buf)
* fixed mua: no multipart, 7bit text/plain us-ascii
Compile
Function rtw_mp_QueryDrv() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077713.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
by Coverity - CID 144370, 144371.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
* rebased against staging-next - commit 09c3fbba (staging: rtl8188eu:
Remove 'u8 *pbuf' from struct recv_buf)
* fixed mua: no multipart, 7bit text/plain us-ascii
Compile tested
Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.
Signed-off-by: Christian Engelmayer
---
v3
Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
* rebased
ove 'u8 *pbuf' from struct recv_buf)
* fixed mua: no multipart, 7bit text/plain us-ascii
The series is compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
Christian Engelmayer (5):
staging: rtl8188eu: fix potential le
Function rtw_wx_set_enc_ext() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077712.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
Remove a needless pointer initialisation and call to get_status_port_fn()
in functions remove_bypass_tpl_auto() and set_tpl_fn(). Variable
'pbpctl_dev_b' is set correctly later in the function before first use.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
correctly.
Detected by Coverity - CID 1077716, 1077717.
Signed-off-by: Christian Engelmayer
---
v3: Resend after v2 failed to apply
* rebased against staging-next - commit 09c3fbba (staging: rtl8188eu:
Remove 'u8 *pbuf' from struct recv_buf)
* fixed mua: no multipart, 7bit text/plain us-ascii
Pointer 'pwdev_priv' in function rtw_wdev_free() is unused - thus remove it.
Signed-off-by: Christian Engelmayer
---
v2: Resend after v1 failed to apply
* rebased against staging-next - commit 09c3fbba (staging: rtl8188eu:
Remove 'u8 *pbuf' from struct recv_buf)
* fixed mua
On Sun, 1 Jun 2014 13:32:20 +0200, Rickard Strandqvist
wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
>
> This was largely found by using a static code analysis program called
> cppcheck.
>
> Signed-off-by: Rickard Strandqvist
This
On Sun, 1 Jun 2014 13:30:43 +0200, Rickard Strandqvist
wrote:
> There is a risk for memory leak in when something unexpected happens
> and the function returns.
>
> This was largely found by using a static code analysis program called
> cppcheck.
>
> Signed-off-by: Rickard Strandqvist
> ---
Function read_dump() memory maps the input via grab_file(), but fails to call
the corresponding unmap function. Add the missing call to release_file().
Detected by Coverity: CID 1192419
Signed-off-by: Christian Engelmayer
---
Compile tested - Applies against v3.14 as well as linux-next
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
Christian Engelmayer (2):
staging: rtl8188eu: fix usage of uninit scalar in rtw_drv_init()
staging: rtl8188eu: remove dead code in rtw_drv_init()
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 4 +---
1 file changed, 1 insertion(+), 3
(status != _SUCCESS) immediately after 'status = _SUCCESS' will never evaluate
true. Thus remove the logically dead code. Detected by Coverity - CID 1077553.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 2 --
1 file changed, 2 deletions(-)
diff --git
Function rtw_drv_init() is written in a way that assumes 'status' != _SUCCESS
as long as not explicitly set. Thus initialize 'status' to FAIL, in order to
prevent undefined behaviour if going through the exit paths. Detected by
Coverity - CID 1077832.
Signed-off-by: Christian Engelmayer
uninitialized. Thus init 'is_mcast' to 0. Detected by Coverity - CID 1164324
Signed-off-by: Christian Engelmayer
---
Compile tested. Applies against branch for-next in tree
git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband.git
---
drivers/infiniband/hw/mlx4/ah.c | 2 +-
1 file changed, 1
On Sat, 17 May 2014 17:44:23 +0300, Dan Carpenter
wrote:
> On Sat, May 17, 2014 at 12:38:57PM +0200, Christian Engelmayer wrote:
> > Function rtw_drv_init() is written in a way that assumes 'status' !=
> > _SUCCESS
> > as long as not explicitly set. Thus initialize 'stat
is
undetermined. Detected by Coverity - CID 751497.
Signed-off-by: Christian Engelmayer
---
Compile tested. Applies against branch master in tree
git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
---
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1
In case allocation via usb_alloc_coherent() fails in ims_pcu_buffers_alloc(),
the function jumps to the exit path without initializing local variable
'error' that is used as return value. Detected by Coverity - CID 1016531.
Signed-off-by: Christian Engelmayer
---
This is an allocation function
Commit de906af1 (net: phy: make of_set_phy_supported work with genphy driver)
removed the last user of variable 'max_speed' in function
of_mdiobus_register_phy(), leading to compile warning "unused variable
‘max_speed’ [-Wunused-variable]". Thus remove it.
Signed-off-by: Christian
Fix a potential memory leak in the error handling of test_aead_speed(). In case
the size check on the associate data length parameter fails, the function goes
through the wrong exit label. Reported by Coverity - CID 1163870.
Signed-off-by: Christian Engelmayer
---
crypto/tcrypt.c | 14
Fix a potential memory leak in the error handling of test_aead_speed(). In case
crypto_alloc_aead() fails, the function returns without going through the
centralized cleanup path. Reported by Coverity - CID 1163870.
Signed-off-by: Christian Engelmayer
---
crypto/tcrypt.c | 3 ++-
1 file changed
Fix leakage of memory for struct aead_request that is allocated via
aead_request_alloc() but not released via aead_request_free().
Reported by Coverity - CID 1163869.
Signed-off-by: Christian Engelmayer
---
crypto/tcrypt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git
ries applies against v3.15-rc2 as well as branch master in tree
git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git and is
compile tested only.
Christian Engelmayer (3):
crypto: Fix potential leak in test_aead_speed() if aad_size is too big
crypto: Fix potential leak in test_aead_s
Commit a0b148b4 (ASoC: wm8985: Use devm_regulator_bulk_get()) removed the last
user of pointer wm8985 to struct wm8985_priv. Thus remove it. Detected by
Coverity CID 1222150.
Signed-off-by: Christian Engelmayer
---
Compile tested. Applies against branch for-next in tree
git.kernel.org/pub/scm
Commit e4ac92d (serial: samsung: Neaten dbg uses) contains a typo in the
changed dbg() function regarding the name of the used character buffer.
This breaks the build if actually compiled with CONFIG_SERIAL_SAMSUNG_DEBUG.
Signed-off-by: Christian Engelmayer
---
Compile tested. Applies against
Fix sparse warning "non-ANSI function declaration of function
'arch_init_kprobes'".
Signed-off-by: Christian Engelmayer
---
arch/arm/kernel/kprobes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
index 6d6442
Fix sparse warning "non-ANSI function declaration of function
'xen_has_pv_devices'".
Signed-off-by: Christian Engelmayer
---
arch/x86/xen/platform-pci-unplug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/xen/platform-pci-unplug.c
b/arch/x86/xen/pl
Function genwqe_free_sync_sgl() returns the value of variable 'rc'. 'rc' is
only set in the error paths, thus initialize it by 0. Coverity CID 1204242.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch char-misc-next of tree
git.kernel.org/pub/scm/linux/kernel/git
Avoid a needless kernel message in case there is no client irq to be ignored.
[2.856058] gpiochip_add: registered GPIOs 248 to 255 on device: pcf8574
[2.862830] pcf857x 1-0020:
Signed-off-by: Christian Engelmayer
---
--- a/drivers/gpio/gpio-pcf857x.c 2012-07-06 09:19
On Mon, 20 Jul 2015 07:50:36 -0700, Gwendal Grignou
wrote:
> On Sun, Jul 19, 2015 at 12:43 PM, Christian Engelmayer
> wrote:
> > Function led_rgb_store() contains some direct returns in error cases that
> > leak the already allocated cros_ec_command message structure. Make
The allocated cros_ec_command message structure is not freed in function
sequence_store(). Make sure that 'msg' is freed in all exit paths.
Detected by Coverity CID 1309667.
Signed-off-by: Christian Engelmayer
---
Compile tested only. Applies against linux-next.
---
drivers/platform/chrome
Function led_rgb_store() contains some direct returns in error cases that
leak the already allocated cros_ec_command message structure. Make sure
that 'msg' is freed in all exit paths. Detected by Coverity CID 1309666.
Signed-off-by: Christian Engelmayer
---
Compile tested only. Applies against
correctly. Detected by Coverity CID 1316519.
Signed-off-by: Christian Engelmayer
---
Compile tested only.
---
drivers/net/wireless/rsi/rsi_91x_sdio_ops.c | 8 ++--
drivers/net/wireless/rsi/rsi_91x_usb_ops.c | 8 ++--
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wi
Function vmw_cotable_unbind() uses the uninitialized variable ret as
return value. Make the result deterministic and directly return as
the variable is unused anyway. Detected by Coverity CID 1324256.
Signed-off-by: Christian Engelmayer
---
Compile tested only. Applies against linux-next
Function vmw_kms_helper_dirty() uses the uninitialized variable ret as
return value. Make the result deterministic and directly return as the
variable is unused anyway. Detected by Coverity CID 1324255.
Signed-off-by: Christian Engelmayer
---
Compile tested only. Applies against linux-next
Variable err in function load_slim_core_fw() is used without initializer.
Make sure that the result is deterministic. Detected by Coverity CID
1324265.
Signed-off-by: Christian Engelmayer
---
Compile tested only. Applies against linux-next.
---
drivers/media/platform/sti/c8sectpfe/c8sectpfe
In case of failure loading the firmware, function
load_c8sectpfe_fw_step1() uses the uninitialized variable ret as return
value instead of the retrieved error value. Make sure the result is
deterministic. Detected by Coverity CID 1324230.
Signed-off-by: Christian Engelmayer
---
Compile tested
On Wed, 23 Apr 2014 01:33:05 +0200, Marek Vasut wrote:
> On Monday, April 21, 2014 at 08:45:59 PM, Christian Engelmayer wrote:
> > + if (aad_size >= PAGE_SIZE) {
>
> On an unrelated note ... Won't if (aad_size > PAGE_SIZE) be sufficient here?
From what I have
specific data to the device. Move the temporary struct that is kmemdup'ed
to the stack. This issue exists since afb43e6d (wlcore: remove if_ops from
platform_data).
Signed-off-by: Christian Engelmayer
---
Applies against v3.15-rc2 as well as branch master in tree
git.kernel.org/pub/scm/linux/kernel
specific data to the device. Move the temporary struct that is kmemdup'ed
to the stack. This issue exists since afb43e6d (wlcore: remove if_ops from
platform_data).
Signed-off-by: Christian Engelmayer
---
Applies against v3.15-rc2 as well as branch master in tree
git.kernel.org/pub/scm/linux/kernel
ies on, is setup
correctly.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against v3.15-rc2 as well as branch staging-next
of tree git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/comedi/drivers/das1800.c | 2 +-
drivers/staging/comedi/driv
Pointer 'pwdev_priv' in function rtw_wdev_free() is unused - thus remove it.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against v3.15-rc2 as well as branch staging-next
of tree git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/rtl8723au
Remove a needless pointer initialisation and call to get_status_port_fn()
in functions remove_bypass_tpl_auto() and set_tpl_fn(). Variable
'pbpctl_dev_b' is set correctly later in the function before first use.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against v3.15-rc2
Pointer 'pbpctl_dev_c' in function bypass_init_module() is unused.
Thus remove it.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against v3.15-rc2 as well as branch staging-next
of tree git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/silicom
Pointer 'pbpctl_dev_c' in function bypass_init_module() is unused. Thus remove
it. With the last variable declaration gone, there is no more need for an own
block. Remove it and adapt the indenting accordingly.
Signed-off-by: Christian Engelmayer
---
v2: Added changes requested by Dan Carpenter
Function rtw_mp_QueryDrv() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077713.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
Function rtw_wx_read32() dynamically allocates a temporary buffer that is not
freed in all error paths. Use a centralized exit path and make sure that all
memory is freed correctly. Detected by Coverity - CID 1077711.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
Function rtw_mp_pwrtrk() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - 1077715.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
/gregkh/staging.git
Christian Engelmayer (5):
staging: rtl8188eu: fix potential leak in rtw_wx_read32()
staging: rtl8188eu: fix potential leak in rtw_wx_set_enc_ext()
staging: rtl8188eu: fix potential leak in rtw_mp_QueryDrv()
staging: rtl8188eu: fix potential leak in rtw_mp_SetRFPath()
stag
Function rtw_mp_SetRFPath() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077714.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
Function rtw_wx_set_enc_ext() dynamically allocates a temporary buffer that
is not freed in all error paths. Use a centralized exit path and make sure
that all memory is freed correctly. Detected by Coverity - CID 1077712.
Signed-off-by: Christian Engelmayer
---
drivers/staging/rtl8188eu/os_dep
On Mon, 28 Apr 2014 22:36:13 +, Hartley Sweeten
wrote:
> Technically, these drivers are fine as-is.
They are. The proposed change falls under minor code maintenance only.
> They are all legacy comedi drivers and use the manual attach mechanism. The
> dev->board pointer is setup by the
correctly.
Detected by Coverity - CID 1077716, 1077717.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/rtl8188eu/core/rtw_mlme.c | 15 ++-
1 file changed, 10
correctly.
Detected by Coverity - CID 1077716, 1077717.
Signed-off-by: Christian Engelmayer
---
v2: Added changes requested by Dan Carpenter:
* Just return directly where no cleanup is needed.
* Prefer naming labels by the labeled action rather than the goto location.
Compile tested and applies
is
safe. Detected by Coverity - CID 144373.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 16 +---
1 file changed, 9
Fix a potential leak in the error path of function update_bcn_wps_ie().
Make sure that allocated memory for 'pbackup_remainder_ie' is freed
upon return. Detected by Coverity - CID 1077718.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
Fix a potential leak in the error path of function update_bcn_wps_ie().
Make sure that allocated memory for 'pbackup_remainder_ie' is freed
upon return. Detected by Coverity - CID 1077718.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
On Thu, 1 May 2014 14:22:17 +0200, Mateusz Guzik wrote:
> On Thu, May 01, 2014 at 01:57:27PM +0200, Christian Engelmayer wrote:
> > Fix a potential leak in the error path of function update_bcn_wps_ie().
> > Make sure that allocated memory for 'pbackup_remainder_ie' is freed
Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.
Signed-off-by: Christian Engelmayer
---
v2
by Coverity - CID 144370, 144371.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/rtl8712/rtl871x_mlme.c | 28
1 file changed, 20
Fix a potential leak in the error path of function update_bcn_wps_ie().
Move the affected input verification to the beginning of the function so
that it may return directly without leaking already allocated memory.
Detected by Coverity - CID 1077718.
Signed-off-by: Christian Engelmayer
---
v2
not supported
by this driver. Detected by Coverity - CID 144381.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/vt6656/hostap.c | 6 --
1 file changed, 4 insertions
Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging
. Detected by Coverity - CID 1077830.
Signed-off-by: Christian Engelmayer
---
Compile tested and applies against branch staging-next of tree
git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
---
drivers/staging/comedi/drivers/ii_pci20kc.c | 1 +
1 file changed, 1 insertion(+)
diff --git
On Sat, 3 May 2014 20:27:35 -0400, Greg KH wrote:
> On Thu, May 01, 2014 at 11:54:02PM +0200, Christian Engelmayer wrote:
> > Fix potential leaks in the error paths of r8712_set_key(). In case the
> > algorithm specific checks fail, the function returns without enqueuing
Fix an incorrect sizeof() usage in sst_hsw_stream_get_volume(). sst_dsp_read()
is called to read into a variable of type u32, but is passed sizeof(u32 *) for
argument 'size_t bytes'. Detected by Coverity: CID 1195260.
Signed-off-by: Christian Engelmayer
---
sound/soc/intel/sst-haswell-ipc.c | 3
Remove a self assignment in sst_mem_block_alloc_scratch(). When calculating
buffer sizes there is no need for statements without effect. Detected by
Coverity: CID 1195249.
Signed-off-by: Christian Engelmayer
---
sound/soc/intel/sst-firmware.c | 4 +---
1 file changed, 1 insertion(+), 3
r_bitflips() into the same ifdef section as the only caller.
Signed-off-by: Christian Engelmayer
---
drivers/mtd/nand/omap2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/omap2.c b/drivers/mtd/nand/omap2.c
index 1ff49b8..1b800bc 100644
--- a/drivers/mtd/nand/oma
by Coverity: CID 1195576.
Signed-off-by: Christian Engelmayer
---
Applies against git.kernel.org/pub/scm/linux/kernel/git/linville/wireless.git
Compile tested.
---
drivers/net/wireless/rsi/rsi_91x_mgmt.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git
Fix a potential memory leak in the error path of function
rsi_send_auto_rate_request(). In case memory allocation for array
'selected_rates' fails, the error path exits and leaves the previously
allocated skb in place. Detected by Coverity: CID 1195575.
Signed-off-by: Christian Engelmayer
On Thu, 10 Apr 2014 16:01:35 -0400, Andev wrote:
> On Thu, Apr 10, 2014 at 3:54 PM, Greg Kroah-Hartman wrote:
> > On Thu, Apr 10, 2014 at 03:46:12PM -0400, Andev wrote:
> >> Adding Greg KH,
> >
> > Why do I care about this?
> >
>
> I am not sure if this needs to be applied to stable too. Should
101 - 176 of 176 matches
Mail list logo