A call to cfg80211_get_bss should be accompanied by a call to
cfg80211_put_bss in error-handling code.
A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)
// <smpl>
@r exists@
local idexpression struct cfg80211_bss * x;
expression ra,rr;
position p1,p2;
@@
x = cfg80211_get_bss@p1(...)
... when != x = rr
when != cfg80211_put_bss(x,...)
when != if (...) { ... cfg80211_put_bss(x,...) ...}
if(...) { ... when != x = ra
when forall
when != cfg80211_put_bss(x,...)
\(return <+...x...+>; \| return@p2...; \) }
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
cocci.print_main("cfg80211_get_bss",p1)
cocci.print_secs("return",p2)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
if(!ieeemgmtbuf) {
AR_DEBUG_PRINTF(ATH_DEBUG_ERR,
("%s: ieeeMgmtbuf alloc error\n", __func__));
+ cfg80211_put_bss(bss);
return;
}
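Review bot: The added `cfg80211_put_bss(bss);` on the `!ieeemgmtbuf` return carries no comment tying it to the reference it releases, and the matching `cfg80211_get_bss` call is not visible in the hunk. I would add `/* drop the reference taken by cfg80211_get_bss() */` above it so the pairing survives later edits to this error path. The enclosing function starts and ends outside the hunk, so any other early return between the get and the normal exit cannot be checked from here. If there are more, a single exit label that does the put would keep the reference accounting in one place rather than repeating it per return.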