aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesper Juhl <jj@chaosbits.net>2011-01-02 15:57:24 -0500
committerMauro Carvalho Chehab <mchehab@redhat.com>2011-01-19 08:45:45 -0500
commitfd01ad98945073faeb25391489caef4844f265c4 (patch)
treeb242f6745723c112f35224b6e8cc9e20824e4c12
parent36fd97884daf4e30b556a6c59b58db19a06d58af (diff)
[media] media, tlg2300: Fix memory leak in alloc_bulk_urbs_generic()
Hi, While reading drivers/media/video/tlg2300/pd-video.c::alloc_bulk_urbs_generic() I noticed that - We don't free the memory allocated to 'urb' if the call to usb_alloc_coherent() fails. - If the 'num' argument to the function is ever <= 0 we'll return an uninitialized variable 'i' to the caller. The following patch addresses both of the above by a) calling usb_free_urb() when usb_alloc_coherent() fails and by explicitly initializing 'i' to zero. I also moved the variables 'mem' and 'urb' inside the for loop. This does not actually make any difference, it just seemed more correct to me to let variables exist only in the innermost scope they are used. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Huang Shijie <shijie8@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
-rw-r--r--drivers/media/video/tlg2300/pd-video.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/drivers/media/video/tlg2300/pd-video.c b/drivers/media/video/tlg2300/pd-video.c
index a1ffe18640f..df33a1d188b 100644
--- a/drivers/media/video/tlg2300/pd-video.c
+++ b/drivers/media/video/tlg2300/pd-video.c
@@ -512,19 +512,20 @@ int alloc_bulk_urbs_generic(struct urb **urb_array, int num,
512 int buf_size, gfp_t gfp_flags, 512 int buf_size, gfp_t gfp_flags,
513 usb_complete_t complete_fn, void *context) 513 usb_complete_t complete_fn, void *context)
514{ 514{
515 struct urb *urb; 515 int i = 0;
516 void *mem;
517 int i;
518 516
519 for (i = 0; i < num; i++) { 517 for (; i < num; i++) {
520 urb = usb_alloc_urb(0, gfp_flags); 518 void *mem;
519 struct urb *urb = usb_alloc_urb(0, gfp_flags);
521 if (urb == NULL) 520 if (urb == NULL)
522 return i; 521 return i;
523 522
524 mem = usb_alloc_coherent(udev, buf_size, gfp_flags, 523 mem = usb_alloc_coherent(udev, buf_size, gfp_flags,
525 &urb->transfer_dma); 524 &urb->transfer_dma);
526 if (mem == NULL) 525 if (mem == NULL) {
526 usb_free_urb(urb);
527 return i; 527 return i;
528 }
528 529
529 usb_fill_bulk_urb(urb, udev, usb_rcvbulkpipe(udev, ep_addr), 530 usb_fill_bulk_urb(urb, udev, usb_rcvbulkpipe(udev, ep_addr),
530 mem, buf_size, complete_fn, context); 531 mem, buf_size, complete_fn, context);