sound: fix a memory leak bug
diff mbox series

Message ID 1565241321-2418-1-git-send-email-wenwen@cs.uga.edu
State New
Headers show
Series
  • sound: fix a memory leak bug
Related show

Commit Message

Wenwen Wang Aug. 8, 2019, 5:15 a.m. UTC
In sound_insert_unit(), the controlling structure 's' is allocated through
kmalloc(). Then it is added to the sound driver list by invoking
__sound_insert_unit(). Later on, if __register_chrdev() fails, 's' is
removed from the list through __sound_remove_unit(). If 'index' is not less
than 0, -EBUSY is returned to indicate the error. However, 's' is not
deallocated on this execution path, leading to a memory leak bug.

To fix the above issue, free 's' before -EBUSY is returned.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
 sound/sound_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Takashi Iwai Aug. 8, 2019, 6:20 a.m. UTC | #1
On Thu, 08 Aug 2019 07:15:21 +0200,
Wenwen Wang wrote:
> 
> In sound_insert_unit(), the controlling structure 's' is allocated through
> kmalloc(). Then it is added to the sound driver list by invoking
> __sound_insert_unit(). Later on, if __register_chrdev() fails, 's' is
> removed from the list through __sound_remove_unit(). If 'index' is not less
> than 0, -EBUSY is returned to indicate the error. However, 's' is not
> deallocated on this execution path, leading to a memory leak bug.
> 
> To fix the above issue, free 's' before -EBUSY is returned.
> 
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>

Oh, it's a really old bug.  Applied now.

Thanks!


Takashi

Patch
diff mbox series

diff --git a/sound/sound_core.c b/sound/sound_core.c
index b730d97..90d118c 100644
--- a/sound/sound_core.c
+++ b/sound/sound_core.c
@@ -275,7 +275,8 @@  static int sound_insert_unit(struct sound_unit **list, const struct file_operati
 				goto retry;
 			}
 			spin_unlock(&sound_loader_lock);
-			return -EBUSY;
+			r = -EBUSY;
+			goto fail;
 		}
 	}