| Message ID | 1532344186-30505-1-git-send-email-wangxidong_97@163.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/1] usb:gadget:function:fix memory leak | expand |
hi, Xidong Wang <wangxidong_97@163.com> writes: > In function f_audio_set_alt(), the memory allocated by > usb_ep_alloc_request() is not released on the error path > that req->buf, which holds the return value of kzalloc(), > is NULL. This will result in a memory leak bug. > > Signed-off-by: Xidong Wang <wangxidong_97@163.com> > --- > drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c > index 24c086b..2fcdade 100644 > --- a/drivers/usb/gadget/function/f_uac1_legacy.c > +++ b/drivers/usb/gadget/function/f_uac1_legacy.c > @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt) > ERROR(cdev, > "%s queue req: %d\n", > out_ep->name, err); > - } else > + } else { > + usb_ep_free_request( > + out_ep, req); > err = -ENOMEM; > + } I feel like this hunk has been ping ponging between having usb_ep_free_request() and not having it because completion callback will call usb_ep_free_request() or something along those lines. Can we get a final solution that solves all cases and doesn't introduce other bugs?
diff --git a/drivers/usb/gadget/function/f_uac1_legacy.c b/drivers/usb/gadget/function/f_uac1_legacy.c index 24c086b..2fcdade 100644 --- a/drivers/usb/gadget/function/f_uac1_legacy.c +++ b/drivers/usb/gadget/function/f_uac1_legacy.c @@ -630,8 +630,11 @@ static int f_audio_set_alt(struct usb_function *f, unsigned intf, unsigned alt) ERROR(cdev, "%s queue req: %d\n", out_ep->name, err); - } else + } else { + usb_ep_free_request( + out_ep, req); err = -ENOMEM; + } } else err = -ENOMEM; }
In function f_audio_set_alt(), the memory allocated by usb_ep_alloc_request() is not released on the error path that req->buf, which holds the return value of kzalloc(), is NULL. This will result in a memory leak bug. Signed-off-by: Xidong Wang <wangxidong_97@163.com> --- drivers/usb/gadget/function/f_uac1_legacy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)