diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2015-03-21 02:02:23 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2015-03-22 03:03:54 -0400 |
| commit | baf880a96859cca79208122e555e7efeabd16e4d (patch) | |
| tree | f0b1f60266422f2777c16dd689fcaed1556702e0 /net | |
| parent | 15c32c5ff2d41dcf368e02607639843905b6db1a (diff) | |
Bluetooth: Fix memory leak in le_scan_disable_work_complete()
The hci_request in le_scan_disable_work_complete() was being initialized
in a general context but only used in a specific branch in the function
(when simultaneous discovery is not supported). This patch moves the
usage to be limited to the branch where hci_req_run() is actually
called.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_core.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 773f2164d9a1..17f52a195ba8 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -2874,7 +2874,6 @@ static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status, | |||
| 2874 | { | 2874 | { |
| 2875 | /* General inquiry access code (GIAC) */ | 2875 | /* General inquiry access code (GIAC) */ |
| 2876 | u8 lap[3] = { 0x33, 0x8b, 0x9e }; | 2876 | u8 lap[3] = { 0x33, 0x8b, 0x9e }; |
| 2877 | struct hci_request req; | ||
| 2878 | struct hci_cp_inquiry cp; | 2877 | struct hci_cp_inquiry cp; |
| 2879 | int err; | 2878 | int err; |
| 2880 | 2879 | ||
| @@ -2893,13 +2892,6 @@ static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status, | |||
| 2893 | break; | 2892 | break; |
| 2894 | 2893 | ||
| 2895 | case DISCOV_TYPE_INTERLEAVED: | 2894 | case DISCOV_TYPE_INTERLEAVED: |
| 2896 | hci_req_init(&req, hdev); | ||
| 2897 | |||
| 2898 | memset(&cp, 0, sizeof(cp)); | ||
| 2899 | memcpy(&cp.lap, lap, sizeof(cp.lap)); | ||
| 2900 | cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN; | ||
| 2901 | hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp); | ||
| 2902 | |||
| 2903 | hci_dev_lock(hdev); | 2895 | hci_dev_lock(hdev); |
| 2904 | 2896 | ||
| 2905 | if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, | 2897 | if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, |
| @@ -2914,8 +2906,17 @@ static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status, | |||
| 2914 | hci_discovery_set_state(hdev, | 2906 | hci_discovery_set_state(hdev, |
| 2915 | DISCOVERY_STOPPED); | 2907 | DISCOVERY_STOPPED); |
| 2916 | } else { | 2908 | } else { |
| 2909 | struct hci_request req; | ||
| 2910 | |||
| 2917 | hci_inquiry_cache_flush(hdev); | 2911 | hci_inquiry_cache_flush(hdev); |
| 2918 | 2912 | ||
| 2913 | hci_req_init(&req, hdev); | ||
| 2914 | |||
| 2915 | memset(&cp, 0, sizeof(cp)); | ||
| 2916 | memcpy(&cp.lap, lap, sizeof(cp.lap)); | ||
| 2917 | cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN; | ||
| 2918 | hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp); | ||
| 2919 | |||
| 2919 | err = hci_req_run(&req, inquiry_complete); | 2920 | err = hci_req_run(&req, inquiry_complete); |
| 2920 | if (err) { | 2921 | if (err) { |
| 2921 | BT_ERR("Inquiry request failed: err %d", err); | 2922 | BT_ERR("Inquiry request failed: err %d", err); |