staging: csr: fix possible memory leak in do_patch_convert_download()
authorWei Yongjun <yongjun_wei@trendmicro.com.cn>
Mon, 3 Sep 2012 10:15:26 +0000 (18:15 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 4 Sep 2012 21:14:07 +0000 (14:14 -0700)
pfw has been allocated in function xbv_to_patch() and should be
freed before leaving from the error handling cases.

spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/csr/csr_wifi_hip_download.c

index 8e4a4608ba5c990a0d6e531ceb163ba51c4c0bd1..6db672caaa029d302c3b82bdac672325a498d9d1 100644 (file)
@@ -250,6 +250,7 @@ static CsrResult do_patch_convert_download(card_t *card, void *dlpriv, xbv1_t *p
         if (r != CSR_RESULT_SUCCESS)
         {
             unifi_error(card->ospriv, "Failed to find BOOT_LOADER_CONTROL\n");
+            kfree(pfw);
             return CSR_RESULT_FAILURE;
         }
 
@@ -265,6 +266,7 @@ static CsrResult do_patch_convert_download(card_t *card, void *dlpriv, xbv1_t *p
         desc = unifi_fw_open_buffer(card->ospriv, pfw, psize);
         if (!desc)
         {
+            kfree(pfw);
             return CSR_WIFI_HIP_RESULT_NO_MEMORY;
         }