    [media] Zarlink zl10036 DVB-S: Fix mem leak in zl10036_attach · 7e270941
    Jesper Juhl authored
    On Thu, 17 Feb 2011, Matthias Schwarzott wrote:
    
    > On Sunday 06 February 2011, Jesper Juhl wrote:
    > > If the memory allocation to 'state' succeeds but we jump to the 'error'
    > > label before 'state' is assigned to fe->tuner_priv, then the call to
    > > 'zl10036_release(fe)' at the 'error:' label will not free 'state', but
    > > only what was previously assigned to 'tuner_priv', thus leaking the memory
    > > allocated to 'state'.
    > > There are many ways to fix this, including assigning the allocated memory
    > > directly to 'fe->tuner_priv', but I did not go for that since the
    > > additional pointer derefs are more expensive than the local variable, so I
    > > just added a 'kfree(state)' call. I guess the call to 'zl10036_release'
    > > might not even be needed in this case, but I wasn't sure, so I left it in.
    > >
    > Yeah, that call to zl10036_release can be completely eliminated.
    > Another thing is: jumping to the error label only makes sense when memory was
    > already allocated. So the jump in line 471 can be replaced by "return NULL",
    > as the other error handling before allocation:
    >         if (NULL == config) {
    >                 printk(KERN_ERR "%s: no config specified", __func__);
    >                 goto error;
    >         }
    >
    > I suggest to improve the patch to clean the code up when changing that.
    >
    > But I am fine with committing this patch also if you do not want to change it.
    >
    
    Thank you for your feedback. It makes a lot of sense.
    Changing it is not a problem :)
    How about the updated patch below?
    
    If the memory allocation to 'state' succeeds but we jump to the 'error'
    label before 'state' is assigned to fe->tuner_priv, then the call to
    'zl10036_release(fe)' at the 'error:' label will not free 'state', but
    only what was previously assigned to 'tuner_priv', thus leaking the memory
    allocated to 'state'.
    This patch fixes the leak and also does not jump to 'error:' before mem
    has been allocated but instead just returns. Also some small style
    cleanups.
    Signed-off-by: Jesper Juhl <jj@chaosbits.net>
    Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
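An added userspace model of the attach/release pattern the thread discusses (example code, not the driver's own): the leaky shape, where every failure jumps to an `error:` label that only frees `fe->tuner_priv`, sits beside the fixed shape that returns directly before allocation and `kfree()`s `state` after it. The struct layouts, `probe_hw`, and the counting allocator standing in for kmemleak are constructed assumptions.

```c
#include <stdlib.h>
/* Constructed stand-ins for the kernel types; not the real driver code. */
struct zl10036_config { int tuner_address; };
struct dvb_frontend { void *tuner_priv; };
struct zl10036_state { const struct zl10036_config *config; };
/* Counted allocator so a test can observe the leak without kmemleak. */
static int live_allocs;
static void *kzalloc_t(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void kfree_t(void *p) { if (p) { live_allocs--; free(p); } }
/* Mirrors zl10036_release(): it frees only what hangs off fe->tuner_priv. */
static void zl10036_release(struct dvb_frontend *fe) { kfree_t(fe->tuner_priv); fe->tuner_priv = NULL; }
/* Hypothetical hardware probe; 'fail' lets the test drive the error path. */
static int probe_hw(int fail) { return fail ? -1 : 0; }
/* Before the fix: every failure jumps to 'error', which only frees tuner_priv. */
static struct dvb_frontend *attach_leaky(struct dvb_frontend *fe, const struct zl10036_config *config, int fail)
{
	struct zl10036_state *state;
	if (config == NULL) goto error;		/* nothing allocated yet, harmless */
	state = kzalloc_t(sizeof(*state));
	if (state == NULL) goto error;
	state->config = config;
	if (probe_hw(fail)) goto error;		/* 'state' is live but not yet in tuner_priv */
	fe->tuner_priv = state;
	return fe;
error:
	zl10036_release(fe);			/* tuner_priv is still NULL: nothing is freed */
	return NULL;
}
/* After the fix: plain return before allocation, kfree(state) after it. */
static struct dvb_frontend *attach_fixed(struct dvb_frontend *fe, const struct zl10036_config *config, int fail)
{
	struct zl10036_state *state;
	if (config == NULL) return NULL;
	state = kzalloc_t(sizeof(*state));
	if (state == NULL) return NULL;
	state->config = config;
	if (probe_hw(fail)) goto error;
	fe->tuner_priv = state;
	return fe;
error:
	kfree_t(state);				/* 'state' holds the only reference: free it here */
	return NULL;
}
/* Drive the probe-failure path and return how many allocations leaked. */
int leaked_after_probe_failure(int use_fixed)
{
	struct zl10036_config cfg = { 0x60 };	/* constructed sample config */
	struct dvb_frontend fe = { NULL };
	int before = live_allocs;
	if (use_fixed) attach_fixed(&fe, &cfg, 1); else attach_leaky(&fe, &cfg, 1);
	return live_allocs - before;
}
```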