* [PATCH 2.6.19-rc1 2/2] drivers/media/video/se401.c: check kmalloc() return value.
@ 2006-10-11 6:45 Amit Choudhary
0 siblings, 0 replies; only message in thread
From: Amit Choudhary @ 2006-10-11 6:45 UTC (permalink / raw)
To: Linux Kernel
Description: In function se401_stop_stream() [drivers/media/video/se401.c], se401->sbuf[i].data was freed only when se401->urb[i] existed. This could result in a memory leak because sbuf[i].data is allocated before urb[i]. Hence, if the memory gets exhausted while allocating for sbuf[i], the urb[i] would still be NULL, and this would result in sbuf[i] not getting freed when se401_stop_stream() is called.
Signed-off-by: Amit Choudhary <amit2030@gmail.com>
diff --git a/drivers/media/video/se401.c b/drivers/media/video/se401.c
index 20b91db..d411a27 100644
--- a/drivers/media/video/se401.c
+++ b/drivers/media/video/se401.c
@@ -509,11 +509,14 @@ static int se401_stop_stream(struct usb_
se401_sndctrl(1, se401, SE401_REQ_LED_CONTROL, 0, NULL, 0);
se401_sndctrl(1, se401, SE401_REQ_CAMERA_POWER, 0, NULL, 0);
- for (i=0; i<SE401_NUMSBUF; i++) if (se401->urb[i]) {
- usb_kill_urb(se401->urb[i]);
- usb_free_urb(se401->urb[i]);
- se401->urb[i]=NULL;
+ for (i=0; i<SE401_NUMSBUF; i++) {
+ if (se401->urb[i]) {
+ usb_kill_urb(se401->urb[i]);
+ usb_free_urb(se401->urb[i]);
+ se401->urb[i]=NULL;
+ }
kfree(se401->sbuf[i].data);
+ se401->sbuf[i].data=NULL;
}
for (i=0; i<SE401_NUMSCRATCH; i++) {
kfree(se401->scratch[i].data);
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2006-10-11 6:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-10-11 6:45 [PATCH 2.6.19-rc1 2/2] drivers/media/video/se401.c: check kmalloc() return value Amit Choudhary
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox