| Message ID | 20210922134945.27503-1-dinghao.liu@zju.edu.cn (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync | expand |
Hi Dinghao, > bdev->evt_skb will get freed in the normal path and one error path > of mtk_hci_wmt_sync, while the other error paths do not free it, > which may cause a memleak. This bug is suggested by a static analysis > tool, please advise. > > Fixes: e0b67035a90b ("Bluetooth: mediatek: update the common setup between MT7622 and other devices") > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > --- > drivers/bluetooth/btmtkuart.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=551035
---Test result---
Test Summary:
CheckPatch PASS 0.87 seconds
GitLint FAIL 0.30 seconds
BuildKernel PASS 667.69 seconds
TestRunner: Setup PASS 434.04 seconds
TestRunner: l2cap-tester PASS 3.30 seconds
TestRunner: bnep-tester PASS 2.21 seconds
TestRunner: mgmt-tester PASS 35.74 seconds
TestRunner: rfcomm-tester PASS 2.57 seconds
TestRunner: smp-tester PASS 2.60 seconds
TestRunner: userchan-tester PASS 2.28 seconds
Details
##############################
Test: GitLint - FAIL - 0.30 seconds
Run gitlint with rule in .gitlint
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
2: B4 Second line is not empty: "of mtk_hci_wmt_sync, while the other error paths do not free it,"
6: B1 Line exceeds max length (101>80): "Fixes: e0b67035a90b ("Bluetooth: mediatek: update the common setup between MT7622 and other devices")"
---
Regards,
Linux Bluetooth
diff --git a/drivers/bluetooth/btmtkuart.c b/drivers/bluetooth/btmtkuart.c index e9d91d7c0db4..9ba22b13b4fa 100644 --- a/drivers/bluetooth/btmtkuart.c +++ b/drivers/bluetooth/btmtkuart.c @@ -158,8 +158,10 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, int err; hlen = sizeof(*hdr) + wmt_params->dlen; - if (hlen > 255) - return -EINVAL; + if (hlen > 255) { + err = -EINVAL; + goto err_free_skb; + } hdr = (struct mtk_wmt_hdr *)&wc; hdr->dir = 1; @@ -173,7 +175,7 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc); if (err < 0) { clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return err; + goto err_free_skb; } /* The vendor specific WMT commands are all answered by a vendor @@ -190,13 +192,14 @@ static int mtk_hci_wmt_sync(struct hci_dev *hdev, if (err == -EINTR) { bt_dev_err(hdev, "Execution of wmt command interrupted"); clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return err; + goto err_free_skb; } if (err) { bt_dev_err(hdev, "Execution of wmt command timed out"); clear_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state); - return -ETIMEDOUT; + err = -ETIMEDOUT; + goto err_free_skb; } /* Parse and handle the return WMT event */
bdev->evt_skb will get freed in the normal path and one error path of mtk_hci_wmt_sync, while the other error paths do not free it, which may cause a memleak. This bug is suggested by a static analysis tool, please advise. Fixes: e0b67035a90b ("Bluetooth: mediatek: update the common setup between MT7622 and other devices") Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> --- drivers/bluetooth/btmtkuart.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)