* [PATCH] staging: dgap: fix memory leak in dgap_parsefile()
@ 2015-09-30 6:09 Ronit Halder
2015-09-30 11:48 ` Dan Carpenter
0 siblings, 1 reply; 5+ messages in thread
From: Ronit Halder @ 2015-09-30 6:09 UTC (permalink / raw)
To: lidza.louina
Cc: daeseok.youn, gregkh, driverdev-devel, devel, linux-kernel,
Ronit Halder
In dgap_parsefile() char pointers are set with kstrdup()
without checking that some string is allocated to that
char pointer before. This patch frees the memory if already allocated
and then set the poniter with kstrdup().
Signed-off-by: Ronit halder <ronit.crj@gmail.com>
---
drivers/staging/dgap/dgap.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/dgap/dgap.c b/drivers/staging/dgap/dgap.c
index e17bde7..64f6149 100644
--- a/drivers/staging/dgap/dgap.c
+++ b/drivers/staging/dgap/dgap.c
@@ -672,6 +672,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.portstr);
p->u.board.portstr = kstrdup(s, GFP_KERNEL);
if (kstrtol(s, 0, &p->u.board.port)) {
pr_err("bad number for IO port");
@@ -690,6 +691,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.addrstr);
p->u.board.addrstr = kstrdup(s, GFP_KERNEL);
if (kstrtoul(s, 0, &p->u.board.addr)) {
pr_err("bad number for memory address");
@@ -708,6 +710,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.pcibusstr);
p->u.board.pcibusstr = kstrdup(s, GFP_KERNEL);
if (kstrtoul(s, 0, &p->u.board.pcibus)) {
pr_err("bad number for pci bus");
@@ -719,6 +722,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.pcislotstr);
p->u.board.pcislotstr = kstrdup(s, GFP_KERNEL);
if (kstrtoul(s, 0, &p->u.board.pcislot)) {
pr_err("bad number for pci slot");
@@ -737,6 +741,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.method);
p->u.board.method = kstrdup(s, GFP_KERNEL);
p->u.board.v_method = 1;
break;
@@ -751,6 +756,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.board.status);
p->u.board.status = kstrdup(s, GFP_KERNEL);
break;
@@ -800,13 +806,15 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
-
+ kfree(p->u.board.status);
p->u.board.status = kstrdup(s, GFP_KERNEL);
if (p->type == CNODE) {
+ kfree(p->u.conc.id);
p->u.conc.id = kstrdup(s, GFP_KERNEL);
p->u.conc.v_id = 1;
} else if (p->type == MNODE) {
+ kfree(p->u.module.id);
p->u.module.id = kstrdup(s, GFP_KERNEL);
p->u.module.v_id = 1;
} else {
@@ -1003,6 +1011,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.line.cable);
p->u.line.cable = kstrdup(s, GFP_KERNEL);
p->u.line.v_cable = 1;
}
@@ -1044,6 +1053,7 @@ static int dgap_parsefile(char **in)
pr_err("unexpected end of file");
return -1;
}
+ kfree(p->u.conc.connect);
p->u.conc.connect = kstrdup(s, GFP_KERNEL);
p->u.conc.v_connect = 1;
}
--
2.4.0.GIT
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH] staging: dgap: fix memory leak in dgap_parsefile()
2015-09-30 6:09 [PATCH] staging: dgap: fix memory leak in dgap_parsefile() Ronit Halder
@ 2015-09-30 11:48 ` Dan Carpenter
2015-10-01 3:41 ` Ronit Halder
0 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2015-09-30 11:48 UTC (permalink / raw)
To: Ronit Halder
Cc: lidza.louina, devel, gregkh, daeseok.youn, driverdev-devel,
linux-kernel
On Wed, Sep 30, 2015 at 11:39:45AM +0530, Ronit Halder wrote:
> In dgap_parsefile() char pointers are set with kstrdup()
> without checking that some string is allocated to that
> char pointer before.
Why would this happen? Wouldn't it be better to reject the invalid
config file?
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] staging: dgap: fix memory leak in dgap_parsefile()
2015-09-30 11:48 ` Dan Carpenter
@ 2015-10-01 3:41 ` Ronit Halder
2015-10-01 15:04 ` Dan Carpenter
0 siblings, 1 reply; 5+ messages in thread
From: Ronit Halder @ 2015-10-01 3:41 UTC (permalink / raw)
To: Dan Carpenter
Cc: Lidza Louina, devel, Greg KH, DaeSeok Youn, driverdev-devel,
linux-kernel
The existing dgap_parsefile() rejects invalid config file.
But before we know that config file is invalid a lot of memory leak
can happen. Removing the chances of memory leak won't heart anyone.
regards,
Ronit Halder
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] staging: dgap: fix memory leak in dgap_parsefile()
2015-10-01 3:41 ` Ronit Halder
@ 2015-10-01 15:04 ` Dan Carpenter
2015-10-01 15:16 ` Ronit Halder
0 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2015-10-01 15:04 UTC (permalink / raw)
To: Ronit Halder
Cc: Lidza Louina, devel, Greg KH, DaeSeok Youn, driverdev-devel,
linux-kernel
On Thu, Oct 01, 2015 at 09:11:31AM +0530, Ronit Halder wrote:
> The existing dgap_parsefile() rejects invalid config file.
> But before we know that config file is invalid a lot of memory leak
> can happen. Removing the chances of memory leak won't heart anyone.
>
Why not just reject it earlier instead of allocating more data?
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-10-01 15:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-30 6:09 [PATCH] staging: dgap: fix memory leak in dgap_parsefile() Ronit Halder
2015-09-30 11:48 ` Dan Carpenter
2015-10-01 3:41 ` Ronit Halder
2015-10-01 15:04 ` Dan Carpenter
2015-10-01 15:16 ` Ronit Halder
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox