| Message ID | 1565241321-2418-1-git-send-email-wenwen@cs.uga.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | sound: fix a memory leak bug | expand |
On Thu, 08 Aug 2019 07:15:21 +0200, Wenwen Wang wrote: > > In sound_insert_unit(), the controlling structure 's' is allocated through > kmalloc(). Then it is added to the sound driver list by invoking > __sound_insert_unit(). Later on, if __register_chrdev() fails, 's' is > removed from the list through __sound_remove_unit(). If 'index' is not less > than 0, -EBUSY is returned to indicate the error. However, 's' is not > deallocated on this execution path, leading to a memory leak bug. > > To fix the above issue, free 's' before -EBUSY is returned. > > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Oh, it's a really old bug. Applied now. Thanks! Takashi
diff --git a/sound/sound_core.c b/sound/sound_core.c index b730d97..90d118c 100644 --- a/sound/sound_core.c +++ b/sound/sound_core.c @@ -275,7 +275,8 @@ static int sound_insert_unit(struct sound_unit **list, const struct file_operati goto retry; } spin_unlock(&sound_loader_lock); - return -EBUSY; + r = -EBUSY; + goto fail; } }
In sound_insert_unit(), the controlling structure 's' is allocated through kmalloc(). Then it is added to the sound driver list by invoking __sound_insert_unit(). Later on, if __register_chrdev() fails, 's' is removed from the list through __sound_remove_unit(). If 'index' is not less than 0, -EBUSY is returned to indicate the error. However, 's' is not deallocated on this execution path, leading to a memory leak bug. To fix the above issue, free 's' before -EBUSY is returned. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- sound/sound_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)