From: Matthias Schwarzott <zzam@gentoo.org>
To: Jesper Juhl <jj@chaosbits.net>
Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
Dan Carpenter <error27@gmail.com>, Tejun Heo <tj@kernel.org>,
Mauro Carvalho Chehab <mchehab@infradead.org>
Subject: Re: [Patch] Zarlink zl10036 DVB-S: Fix mem leak in zl10036_attach
Date: Thu, 17 Feb 2011 20:54:06 +0100 [thread overview]
Message-ID: <201102172054.12773.zzam@gentoo.org> (raw)
In-Reply-To: <alpine.LNX.2.00.1102062128391.13593@swampdragon.chaosbits.net>
On Sunday 06 February 2011, Jesper Juhl wrote:
> If the memory allocation to 'state' succeeds but we jump to the 'error'
> label before 'state' is assigned to fe->tuner_priv, then the call to
> 'zl10036_release(fe)' at the 'error:' label will not free 'state', but
> only what was previously assigned to 'tuner_priv', thus leaking the memory
> allocated to 'state'.
> There are may ways to fix this, including assigning the allocated memory
> directly to 'fe->tuner_priv', but I did not go for that since the
> additional pointer derefs are more expensive than the local variable, so I
> just added a 'kfree(state)' call. I guess the call to 'zl10036_release'
> might not even be needed in this case, but I wasn't sure, so I left it in.
>
Yeah, that call to zl10036_release can be completely eleminated.
Another thing is: jumping to the error label only makes sense when memory was
already allocated. So the jump in line 471 can be replaced by "return NULL",
as the other error handling before allocation:
if (NULL == config) {
printk(KERN_ERR "%s: no config specified", __func__);
goto error;
}
I suggest to improve the patch to clean the code up when changing that.
But I am fine with commiting this patch also if you do not want to change it.
Regards
Matthias
Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
> ---
> zl10036.c | 1 +
> 1 file changed, 1 insertion(+)
>
> compile tested only.
>
> diff --git a/drivers/media/dvb/frontends/zl10036.c
> b/drivers/media/dvb/frontends/zl10036.c index 4627f49..b4fb8e8 100644
> --- a/drivers/media/dvb/frontends/zl10036.c
> +++ b/drivers/media/dvb/frontends/zl10036.c
> @@ -508,6 +508,7 @@ struct dvb_frontend *zl10036_attach(struct dvb_frontend
> *fe,
>
> error:
> zl10036_release(fe);
> + kfree(state);
> return NULL;
> }
> EXPORT_SYMBOL(zl10036_attach);
next prev parent reply other threads:[~2011-02-17 19:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-06 20:33 [Patch] Zarlink zl10036 DVB-S: Fix mem leak in zl10036_attach Jesper Juhl
2011-02-17 19:54 ` Matthias Schwarzott [this message]
2011-02-17 20:33 ` Jesper Juhl
2011-02-17 20:45 ` Matthias Schwarzott
2011-03-21 20:36 ` Jesper Juhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201102172054.12773.zzam@gentoo.org \
--to=zzam@gentoo.org \
--cc=error27@gmail.com \
--cc=jj@chaosbits.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@infradead.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox