| Message ID | 1566107933-3355-1-git-send-email-wenwen@cs.uga.edu (mailing list archive) |
|---|---|
| State | New |
| Delegated to: | Kieran Bingham |
| Headers | show |
| Series | media: fdp1: Fix a memory leak bug | expand |
Hi Wenwen, On 18/08/2019 06:58, Wenwen Wang wrote: > In fdp1_open(), 'ctx' is allocated through kzalloc(). However, it is not > deallocated if v4l2_ctrl_new_std() fails, leading to a memory leak bug. To > fix this issue, free 'ctx' before going to the 'done' label. We could also free it up in the error path, with an if (ret) kfree(ctx); and remove the kfree which is in the "if (IS_ERR(ctx->fh.m2m_ctx))" check. But I think that doesn't gain much really. So this is ok by me... If you prefer that method, then feel free to submit a v2, Otherwise I think this is fine: Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> > --- > drivers/media/platform/rcar_fdp1.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c > index 43aae9b..9e4b330 100644 > --- a/drivers/media/platform/rcar_fdp1.c > +++ b/drivers/media/platform/rcar_fdp1.c > @@ -2122,6 +2122,7 @@ static int fdp1_open(struct file *file) > if (ctx->hdl.error) { > ret = ctx->hdl.error; > v4l2_ctrl_handler_free(&ctx->hdl); > + kfree(ctx); > goto done; > } > >
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c index 43aae9b..9e4b330 100644 --- a/drivers/media/platform/rcar_fdp1.c +++ b/drivers/media/platform/rcar_fdp1.c @@ -2122,6 +2122,7 @@ static int fdp1_open(struct file *file) if (ctx->hdl.error) { ret = ctx->hdl.error; v4l2_ctrl_handler_free(&ctx->hdl); + kfree(ctx); goto done; }
In fdp1_open(), 'ctx' is allocated through kzalloc(). However, it is not deallocated if v4l2_ctrl_new_std() fails, leading to a memory leak bug. To fix this issue, free 'ctx' before going to the 'done' label. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- drivers/media/platform/rcar_fdp1.c | 1 + 1 file changed, 1 insertion(+)