This code is preceded by a call to framebuffer_alloc, which allocates
memory, so this memory should be freed before leaving the function in an
error case. out_release_framebuffer just frees the frame buffer and
returns.
A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)
// <smpl>
@r exists@
local idexpression x;
expression E;
identifier f1;
iterator I;
@@
x = framebuffer_alloc(...);
<... when != x
when != true (x == NULL || ...)
when != if (...) { <+...x...+> }
when != I (...) { <+...x...+> }
(
x == NULL
|
x == E
|
x->f1
)
...>
* return ...;
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
return -ENOMEM;
#ifndef MODULE
- if (fb_get_options("gbefb", &options))
- return -ENODEV;
+ if (fb_get_options("gbefb", &options)) {
+ ret = -ENODEV;
+ goto out_release_framebuffer;
+ }
gbefb_setup(options);
#endif
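Review bot: The `fb_get_options("gbefb", &options)` check does not appear to use the framebuffer allocated before this hunk, so it could run ahead of `framebuffer_alloc` and keep a plain `return -ENODEV;` with nothing to unwind. If it stays where it is, a one-line comment above the `#ifndef MODULE` block would guard against a bare `return` being reintroduced, for example `/* framebuffer is allocated: failures below must exit via out_release_framebuffer */`. The new path also relies on `ret` being declared and on the label returning `ret` rather than a fixed value. Both of those, and the start and end of the enclosing function, are outside the hunk, so they are worth confirming.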