From: Dan Carpenter <dan.carpenter@oracle.com>
To: jthumshirn@suse.de
Cc: linux-gpio@vger.kernel.org
Subject: [bug report] pinctrl: berlin: Don't leak memory if krealloc() fails
Date: Wed, 12 Oct 2016 11:14:22 +0300 [thread overview]
Message-ID: <20161012081422.GA27222@mwanda> (raw)
Hello Johannes Thumshirn,
The patch e1547af8c059: "pinctrl: berlin: Don't leak memory if
krealloc() fails" from Sep 30, 2016, leads to the following static
checker warning:
drivers/pinctrl/berlin/berlin.c:244 berlin_pinctrl_build_state()
warn: passing devm_ allocated variable to kfree. 'pctrl->functions'
drivers/pinctrl/berlin/berlin.c
221
222 /* we will reallocate later */
223 pctrl->functions = devm_kzalloc(&pdev->dev,
224 max_functions * sizeof(*pctrl->functions),
225 GFP_KERNEL);
226 if (!pctrl->functions)
227 return -ENOMEM;
228
229 /* register all functions */
230 for (i = 0; i < pctrl->desc->ngroups; i++) {
231 desc_group = pctrl->desc->groups + i;
232 desc_function = desc_group->functions;
233
234 while (desc_function->name) {
235 berlin_pinctrl_add_function(pctrl, desc_function->name);
236 desc_function++;
237 }
238 }
239
240 functions = krealloc(pctrl->functions,
241 pctrl->nfunctions * sizeof(*pctrl->functions),
242 GFP_KERNEL);
243 if (!functions) {
244 kfree(pctrl->functions);
This will lead to a double free.
245 return -ENOMEM;
246 }
247 pctrl->functions = functions;
I'm really concerned about this generally. It's like we can't tell if
pctrl->functions is a managed allocation or not, and I can't immediately
see where it is freed when it's unmanaged.
248
regards,
dan carpenter
next reply other threads:[~2016-10-12 8:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-12 8:14 Dan Carpenter [this message]
2016-10-12 8:30 ` [bug report] pinctrl: berlin: Don't leak memory if krealloc() fails Johannes Thumshirn
2016-10-12 8:45 ` Dan Carpenter
2016-10-12 9:44 ` Johannes Thumshirn
2016-10-12 11:19 ` Dan Carpenter
2016-10-12 12:36 ` Johannes Thumshirn
2016-10-12 17:06 ` Dan Carpenter
2016-10-13 13:09 ` Johannes Thumshirn
2016-10-18 12:34 ` Linus Walleij
2016-10-18 14:12 ` Johannes Thumshirn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161012081422.GA27222@mwanda \
--to=dan.carpenter@oracle.com \
--cc=jthumshirn@suse.de \
--cc=linux-gpio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.