From: Alexey Khoroshilov <khoroshilov@ispras.ru>
To: Peter Meerwald <pmeerw@pmeerw.net>
Cc: Jonathan Cameron <jic23@cam.ac.uk>,
linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org,
ldv-project@ispras.ru, Lars-Peter Clausen <lars@metafoo.de>
Subject: Re: [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()
Date: Wed, 08 Aug 2012 13:01:29 +0400 [thread overview]
Message-ID: <50222AE9.600@ispras.ru> (raw)
In-Reply-To: <alpine.DEB.2.01.1208080911260.9959@pmeerw.net>
On 08/08/2012 11:17 AM, Peter Meerwald wrote:
>> Do not leak memory by updating pointer with potentially
>> NULL realloc return value.
> I agree
>
> use of krealloc() was suggested in driver review (see
> http://www.spinics.net/lists/linux-iio/msg05930.html) to shorten the code;
> unfortunately, I misunderstood the semantics of krealloc() in case
> allocation fails
>
> this is the original code:
>
> kfree(data->buffer);
> data->buffer = kmalloc(indio_dev->scan_bytes, GFP_KERNEL);
> if (!data->buffer)
> return -ENOMEM;
>
> I suggest to switch back to that original code, there is no need preserve
> the data in the buffer as krealloc does
That is fine.
>> Found by Linux Driver Verification project (linuxtesting.org).
>>
>> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
>> ---
>> drivers/iio/light/adjd_s311.c | 14 ++++++++++----
>> 1 file changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/iio/light/adjd_s311.c b/drivers/iio/light/adjd_s311.c
>> index 1cbb449..0adda5b 100644
>> --- a/drivers/iio/light/adjd_s311.c
>> +++ b/drivers/iio/light/adjd_s311.c
>> @@ -271,12 +271,18 @@ static int adjd_s311_update_scan_mode(struct iio_dev *indio_dev,
>> const unsigned long *scan_mask)
>> {
>> struct adjd_s311_data *data = iio_priv(indio_dev);
>> - data->buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> + u16 *new_buffer;
>> + int ret = 0;
>> +
>> + new_buffer = krealloc(data->buffer, indio_dev->scan_bytes,
>> GFP_KERNEL);
>> - if (!data->buffer)
>> - return -ENOMEM;
>> + if (new_buffer == NULL) {
>> + kfree(data->buffer);
>> + ret = -ENOMEM;
>> + }
>> + data->buffer = new_buffer;
>>
>> - return 0;
>> + return ret;
>> }
>>
>> static const struct iio_info adjd_s311_info = {
>>
next prev parent reply other threads:[~2012-08-08 9:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-08 6:36 [PATCH] iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode() Alexey Khoroshilov
2012-08-08 7:17 ` Peter Meerwald
2012-08-08 7:37 ` Lars-Peter Clausen
2012-08-08 9:01 ` Alexey Khoroshilov [this message]
2012-08-08 9:58 ` [PATCH v2] " Alexey Khoroshilov
2012-08-08 11:05 ` Peter Meerwald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50222AE9.600@ispras.ru \
--to=khoroshilov@ispras.ru \
--cc=jic23@cam.ac.uk \
--cc=lars@metafoo.de \
--cc=ldv-project@ispras.ru \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pmeerw@pmeerw.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.