ALSA: firewire: fix a memory leak bug
diff mbox series

Message ID 1565243458-2771-1-git-send-email-wenwen@cs.uga.edu
State New
Headers show
Series
  • ALSA: firewire: fix a memory leak bug
Related show

Commit Message

Wenwen Wang Aug. 8, 2019, 5:50 a.m. UTC
In iso_packets_buffer_init(), 'b->packets' is allocated through
kmalloc_array(). Then, the aligned packet size is checked. If it is
larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
However, the allocated 'b->packets' is not deallocated on this path,
leading to a memory leak.

To fix the above issue, free 'b->packets' before returning the error code.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
 sound/firewire/packets-buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Takashi Sakamoto Aug. 8, 2019, 9:04 a.m. UTC | #1
Hi,

On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> In iso_packets_buffer_init(), 'b->packets' is allocated through
> kmalloc_array(). Then, the aligned packet size is checked. If it is
> larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> However, the allocated 'b->packets' is not deallocated on this path,
> leading to a memory leak.
> 
> To fix the above issue, free 'b->packets' before returning the error code.
> 
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
>  sound/firewire/packets-buffer.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>

And this bug exists till its first commit for v2.6.39.

Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
Cc: <stable@vger.kernel.org> # v2.6.39+


Thanks

Takashi Sakamoto
Takashi Iwai Aug. 8, 2019, 9:12 a.m. UTC | #2
On Thu, 08 Aug 2019 11:04:03 +0200,
 Takashi Sakamoto  wrote:
> 
> Hi,
> 
> On Thu, Aug 8, 2019, at 14:53, Wenwen Wang wrote:
> > In iso_packets_buffer_init(), 'b->packets' is allocated through
> > kmalloc_array(). Then, the aligned packet size is checked. If it is
> > larger than PAGE_SIZE, -EINVAL will be returned to indicate the error.
> > However, the allocated 'b->packets' is not deallocated on this path,
> > leading to a memory leak.
> > 
> > To fix the above issue, free 'b->packets' before returning the error code.
> > 
> > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> > ---
> >  sound/firewire/packets-buffer.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
> 
> And this bug exists till its first commit for v2.6.39.
> 
> Fixes: 31ef9134eb52 ("ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driver")
> Cc: <stable@vger.kernel.org> # v2.6.39+

Applied, thanks.


Takashi

Patch
diff mbox series

diff --git a/sound/firewire/packets-buffer.c b/sound/firewire/packets-buffer.c
index 0d35359..0ecafd0 100644
--- a/sound/firewire/packets-buffer.c
+++ b/sound/firewire/packets-buffer.c
@@ -37,7 +37,7 @@  int iso_packets_buffer_init(struct iso_packets_buffer *b, struct fw_unit *unit,
 	packets_per_page = PAGE_SIZE / packet_size;
 	if (WARN_ON(!packets_per_page)) {
 		err = -EINVAL;
-		goto error;
+		goto err_packets;
 	}
 	pages = DIV_ROUND_UP(count, packets_per_page);