spid has been allocated in this function and so should be freed before
leaving it, as in the other error handling cases.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
@r exists@
expression E,E1;
statement S;
position p1,p2,p3;
@@

E =@p1 \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != E = E1
if (E == NULL || ...) S
... when != E = E1
if@p2 (...) {
  ... when != kfree(E)
}
... when != E = E1
kfree@p3(E);

@forall@
position r.p2;
expression r.E;
int E1 != 0;
@@

* if@p2 (...) {
  ... when != kfree(E)
      when strict
  return E1; }
Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
*/
if (copy_from_user(spid, data->dataptr, SCIOC_SPIDSIZE)) {
kfree(rcvmsg);
+ kfree(spid);
return -EFAULT;
}
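Review bot: the copy_from_user() failure branch now carries two inline frees before its return (kfree(rcvmsg); kfree(spid); return -EFAULT;), and hand-maintained cleanup of this kind is how spid came to be missed on this path. Consider sending this branch to a single cleanup label that frees both buffers and returns the error code, so that any allocation added to the function later has one release site to update. Because the failing copy reads from the caller-supplied data->dataptr, the leak was reachable on every failed call; the changelog would be clearer if it said so, since that bears on whether the fix should be backported.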