From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
To: Wenwen Wang <wenwen@cs.uga.edu>
Cc: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>,
"supporter:INTEL WIRELESS WIMAX CONNECTION 2400"
<linux-wimax@intel.com>, "David S. Miller" <davem@davemloft.net>,
"open list:NETWORKING DRIVERS" <netdev@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] wimax/i2400m: fix a memory leak bug
Date: Thu, 15 Aug 2019 14:45:05 -0400 [thread overview]
Message-ID: <20190815184505.o7o2ojt7ag4shh7u@oracle.com> (raw)
In-Reply-To: <1565892301-2812-1-git-send-email-wenwen@cs.uga.edu>
* Wenwen Wang <wenwen@cs.uga.edu> [190815 14:05]:
> In i2400m_barker_db_init(), 'options_orig' is allocated through kstrdup()
> to hold the original command line options. Then, the options are parsed.
> However, if an error occurs during the parsing process, 'options_orig' is
> not deallocated, leading to a memory leak bug. To fix this issue, free
> 'options_orig' before returning the error.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
> drivers/net/wimax/i2400m/fw.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wimax/i2400m/fw.c b/drivers/net/wimax/i2400m/fw.c
> index e9fc168..6b36f6d 100644
> --- a/drivers/net/wimax/i2400m/fw.c
> +++ b/drivers/net/wimax/i2400m/fw.c
> @@ -342,6 +342,7 @@ int i2400m_barker_db_init(const char *_options)
> "a 32-bit number\n",
> __func__, token);
> result = -EINVAL;
> + kfree(options_orig);
> goto error_parse;
> }
> if (barker == 0) {
> @@ -350,8 +351,10 @@ int i2400m_barker_db_init(const char *_options)
> continue;
> }
> result = i2400m_barker_db_add(barker);
> - if (result < 0)
> + if (result < 0) {
> + kfree(options_orig);
> goto error_add;
I know that you didn't add this error_add label, but it seems like the
incorrect goto label. Although looking at the caller indicates an add
failed, this label is used prior to and after the memory leak you are
trying to fix. It might be better to change this label to something
like error_parse_add and move the kfree to the unwinding. If a new
label is used, it becomes more clear as to what is being undone and
there aren't two jumps into an unwind from two very different stages of
the function. Adding a new label also has the benefit of moving the
kfree to the unwind of error_parse.
Thanks,
Liam
> + }
> }
> kfree(options_orig);
> }
> --
> 2.7.4
>
next prev parent reply other threads:[~2019-08-15 18:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-15 18:05 [PATCH] wimax/i2400m: fix a memory leak bug Wenwen Wang
2019-08-15 18:45 ` Liam R. Howlett [this message]
2019-08-15 20:05 ` Wenwen Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190815184505.o7o2ojt7ag4shh7u@oracle.com \
--to=liam.howlett@oracle.com \
--cc=davem@davemloft.net \
--cc=inaky.perez-gonzalez@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wimax@intel.com \
--cc=netdev@vger.kernel.org \
--cc=wenwen@cs.uga.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox