From patchwork Sun Sep 2 13:21:46 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wei Yongjun X-Patchwork-Id: 1396591 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id 9A639DF283 for ; Sun, 2 Sep 2012 13:22:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752231Ab2IBNVs (ORCPT ); Sun, 2 Sep 2012 09:21:48 -0400 Received: from mail-qa0-f46.google.com ([209.85.216.46]:42252 "EHLO mail-qa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752063Ab2IBNVr (ORCPT ); Sun, 2 Sep 2012 09:21:47 -0400 Received: by qaas11 with SMTP id s11so1807490qaa.19 for ; Sun, 02 Sep 2012 06:21:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=lMM3UkzLQJHsfwXGCTVyUjQvPLe2SkFpbx5Lk5nZ4Uo=; b=Z/t8ilZ/xK+T8s/RUTUeHK7kby28ZoOXlvoFgDmrEuFOHVZaEFZbY2o/I6Y4hJBwOt SMn1HmVBXTGGINoTo2t6w87YNlnfNVdh1Mosb+cWspyZLNLjskAb6dRBiNV1yMcQCJaS wX+LgyAFZXRYcoTs2/8f5CVinOC2QUilbQ6xb+I/B7bgNiPkhBvcO3B8aO/hoC1FJmTv qqB3cOd9lxS9RJtZUeS4GwtqLFIoGu9J4FPSBOTCa536axVAfNHHFrX/iTkVlsAi5aHu LHhtU86ttia1tvrmTMfrQakDlbU2CexQMIUk7Okbo4Sm9ewJZ5NEIWpZ2nhtFdWyNmav tWpg== MIME-Version: 1.0 Received: by 10.224.185.15 with SMTP id cm15mr29662252qab.8.1346592106627; Sun, 02 Sep 2012 06:21:46 -0700 (PDT) Received: by 10.229.146.194 with HTTP; Sun, 2 Sep 2012 06:21:46 -0700 (PDT) Date: Sun, 2 Sep 2012 21:21:46 +0800 Message-ID: Subject: [PATCH] NFC: fix possible memory leak From: Wei Yongjun To: lauro.venancio@openbossa.org, aloisio.almeida@openbossa.org, sameo@linux.intel.com, davem@davemloft.net Cc: yongjun_wei@trendmicro.com.cn, linux-wireless@vger.kernel.org, netdev@vger.kernel.org Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Wei Yongjun nfc_llcp_build_tlv() malloced the memory and should be free in nfc_llcp_build_gb() after used, and the same in the error handling case, otherwise it will cause memory leak. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: Wei Yongjun --- net/nfc/llcp/llcp.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index 82f0f75..8152973 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c @@ -426,6 +426,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local) u8 *miux_tlv, miux_length; __be16 miux; u8 gb_len = 0; + int ret = 0; version = LLCP_VERSION_11; version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version, @@ -450,8 +451,8 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local) gb_len += ARRAY_SIZE(llcp_magic); if (gb_len > NFC_MAX_GT_LEN) { - kfree(version_tlv); - return -EINVAL; + ret = -EINVAL; + goto out; } gb_cur = local->gb; @@ -471,12 +472,15 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local) memcpy(gb_cur, miux_tlv, miux_length); gb_cur += miux_length; + local->gb_len = gb_len; + +out: kfree(version_tlv); kfree(lto_tlv); + kfree(wks_tlv); + kfree(miux_tlv); - local->gb_len = gb_len; - - return 0; + return ret; } u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)