Message ID | 1565243458-2771-1-git-send-email-wenwen@cs.uga.edu |
---|---|
State | New |
Hi,

On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> In iso_packets_buffer_init(), 'b->packets' is allocated through
> kmalloc_array(). Then, the aligned packet size is checked. If it is
> larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> However, the allocated 'b->packets' is not deallocated on this path,
> leading to a memory leak.
>
> To fix the above issue, free 'b->packets' before returning the error code.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
>  sound/firewire/packets-buffer.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>

And this bug exists till its first commit for v2.6.39.

Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
Cc: <stable@vger.kernel.org> # v2.6.39+

Thanks

Takashi Sakamoto

On Thu, 08 Aug 2019 11:04:03 +0200, Takashi Sakamoto wrote:
>
> Hi,
>
> On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> > In iso_packets_buffer_init(), 'b->packets' is allocated through
> > kmalloc_array(). Then, the aligned packet size is checked. If it is
> > larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> > However, the allocated 'b->packets' is not deallocated on this path,
> > leading to a memory leak.
> >
> > To fix the above issue, free 'b->packets' before returning the error code.
> >
> > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> > ---
> >  sound/firewire/packets-buffer.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
>
> And this bug exists till its first commit for v2.6.39.
>
> Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
> Cc: <stable@vger.kernel.org> # v2.6.39+

Applied, thanks.

Takashi

diff --git a/sound/firewire/packets-buffer.c b/sound/firewire/packets-buffer.c index 0d35359..0ecafd0 100644 --- a/sound/firewire/packets-buffer.c +++ b/sound/firewire/packets-buffer.c @@ -37,7 +37,7 @@ int iso_packets_buffer_init(struct iso_packets_buffer *b, struct fw_unit *unit, packets_per_page = PAGE_SIZE / packet_size; if (WARN_ON(!packets_per_page)) { err = -EINVAL; - goto error; + goto err_packets; } pages = DIV_ROUND_UP(count, packets_per_page);
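
Review bot: In the `WARN_ON(!packets_per_page)` branch, the target of `goto err_packets;` lies outside the context shown, so this hunk alone does not show what that label releases. The diffstat is one insertion and one deletion, so the label already exists in the function; please confirm that it frees only 'b->packets' and touches nothing derived from `pages = DIV_ROUND_UP(count, packets_per_page);`, which is computed after this check. The commit message could also say that the fix reuses the existing unwind label rather than adding a new free call.
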
In iso_packets_buffer_init(), 'b->packets' is allocated through
kmalloc_array(). Then, the aligned packet size is checked. If it is
larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
However, the allocated 'b->packets' is not deallocated on this path,
leading to a memory leak.

To fix the above issue, free 'b->packets' before returning the error code.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
 sound/firewire/packets-buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
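
The error-path leak described in the commit message, modelled in user space as an added example (not code from the patch or the kernel tree). `model_buf`, `model_init`, `track`, `MODEL_PAGE_SIZE` and the `fixed` switch are constructed names, and `calloc`/`free` stand in for the kernel allocator; only the jump targets mirror the change.

```c
/* User-space model, added example (not kernel code); all names constructed. */
#include <errno.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096u
struct model_buf { void **packets; void *pages; };
static int live_allocs;                 /* allocations not yet freed */

static void *track(void *p, int delta)  /* adjust the count for non-NULL p */
{
    live_allocs += p ? delta : 0;
    return p;
}

/* fixed == 0 takes the pre-patch jump, fixed != 0 the patched one. */
static int model_init(struct model_buf *b, size_t count, size_t size, int fixed)
{
    size_t per_page;
    int err = -ENOMEM;

    b->packets = track(calloc(count, sizeof(*b->packets)), +1);
    if (!b->packets)
        goto error;
    per_page = MODEL_PAGE_SIZE / size;
    if (!per_page) {                    /* size > MODEL_PAGE_SIZE */
        err = -EINVAL;
        if (fixed)
            goto err_packets;
        goto error;                     /* skips the free below: leak */
    }
    b->pages = track(calloc((count + per_page - 1) / per_page, MODEL_PAGE_SIZE), +1);
    if (!b->pages)
        goto err_packets;
    return 0;
err_packets:
    free(track(b->packets, -1));
    b->packets = NULL;
error:
    return err;
}

/* Allocations left behind by a failed init with an oversized packet. */
static int leaked_after_oversized_init(int fixed)
{
    struct model_buf b = { 0 };
    int err = model_init(&b, 16, 2 * MODEL_PAGE_SIZE, fixed);
    int leaked = live_allocs;
    free(track(b.packets, -1));         /* keep the demo itself leak-free */
    return err == -EINVAL ? leaked : -1;
}
```
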