[PATCH] USB ATM: avoid oops on bind failure; plug memory leak
authorDuncan Sands <duncan.sands@math.u-psud.fr>
Fri, 27 May 2005 08:00:08 +0000 (10:00 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 27 Jun 2005 21:43:58 +0000 (14:43 -0700)
Zero the entire instance, not just the struct usbatm_data head.
Make sure the just allocated urb is freed if we fail to allocate
a buffer.  Based on a patch by Stanislaw W. Gruszka.

Signed-off-by: Duncan Sands <baldrick@free.fr>
Acked-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/atm/usbatm.c

index bb2b5d256e34d3027f185c9f0ff1eaf3a2c59239..b178c800ced8045f87f6528a13514b21232a072b 100644 (file)
@@ -949,6 +949,7 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
        struct usb_device *usb_dev = interface_to_usbdev(intf);
        struct usbatm_data *instance;
        char *buf;
+       size_t instance_size = sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs);
        int error = -ENOMEM;
        int i, length;
        int need_heavy;
@@ -960,14 +961,13 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
                        intf->altsetting->desc.bInterfaceNumber);
 
        /* instance init */
-       instance = kmalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs),
-                          GFP_KERNEL);
+       instance = kmalloc(instance_size, GFP_KERNEL);
        if (!instance) {
                dev_dbg(dev, "%s: no memory for instance data!\n", __func__);
                return -ENOMEM;
        }
 
-       memset(instance, 0, sizeof(*instance));
+       memset(instance, 0, instance_size);
 
        /* public fields */
 
@@ -1051,6 +1051,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
                        goto fail_unbind;
                }
 
+               instance->urbs[i] = urb;
+
                buffer = kmalloc(channel->buf_size, GFP_KERNEL);
                if (!buffer) {
                        dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i);
@@ -1078,7 +1080,6 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
 
                vdbg("%s: alloced buffer 0x%p buf size %u urb 0x%p",
                     __func__, urb->transfer_buffer, urb->transfer_buffer_length, urb);
-               instance->urbs[i] = urb;
        }
 
        if (need_heavy && driver->heavy_init) {