In the first hunk, 0 is returned on memory allocation failure, even though
other failures return -ENOMEM or other similar values.
In the second hunk, there was error handling code that returned without
freeing psz_path_name.
A simplified version of the semantic match that finds the first problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression ret;
expression x,e1,e2,e3;
@@
ret = 0
... when != ret = e1
*x = \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != ret = e2
if (x == NULL) { ... when != ret = e3
  return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
args->args_mgr_registerobject.psz_path_name) +
1;
psz_path_name = kmalloc(path_size, GFP_KERNEL);
- if (!psz_path_name)
+ if (!psz_path_name) {
+ status = -ENOMEM;
goto func_end;
+ }
ret = strncpy_from_user(psz_path_name,
(char *)args->args_mgr_registerobject.
psz_path_name, path_size);
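Review bot: the strncpy_from_user() call at the end of this hunk reads the user string a second time, after path_size was already derived from it in the "psz_path_name) + 1" expression at the top, so the buffer can end up without a terminating NUL. That happens if user space lengthens the string between the two reads, because strncpy_from_user() then copies exactly path_size bytes and returns that count. Set psz_path_name[path_size - 1] = '\0' after the copy, or replace the measure/allocate/copy sequence with strndup_user() and an explicit maximum length, which would also put an upper bound on the size passed to kmalloc().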
goto func_end;
}
- if (args->args_mgr_registerobject.obj_type >= DSP_DCDMAXOBJTYPE)
- return -EINVAL;
+ if (args->args_mgr_registerobject.obj_type >= DSP_DCDMAXOBJTYPE) {
+ status = -EINVAL;
+ goto func_end;
+ }
status = dcd_register_object(&uuid_obj,
args->args_mgr_registerobject.obj_type,
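Review bot: the obj_type >= DSP_DCDMAXOBJTYPE test in this hunk runs only after the kmalloc() and the copy from user space, so an invalid request still costs an allocation and a user-memory read before it is rejected. Consider moving the range check ahead of the allocation. It depends only on args, and placed there it fails before psz_path_name is owned, which makes the cleanup ordering easier to audit. If it stays where it is, the "status = -EINVAL; goto func_end;" form is the right one.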