From 2bb6a12a88aeac9bab4ed0cf0da1edc03f5eb686 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Fri, 11 Sep 2009 18:22:27 +0200 Subject: [PATCH] Staging: dream: introduce missing kfree Error handling code following a kmalloc or kzalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // @r exists@ local idexpression x; statement S; expression E; identifier f,f1,l; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...); ... if (x == NULL) S <... when != x when != if (...) { <+...x...+> } ( x->f1 = E | (x->f1 == NULL || ...) | f(...,x->f1,...) ) ...> ( return \(0\|<+...x...+>\|ptr\); | return@p2 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; @@ print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line) // Signed-off-by: Julia Lawall --- drivers/staging/dream/camera/msm_v4l2.c | 8 ++++++-- drivers/staging/dream/camera/msm_vfe8x_proc.c | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/staging/dream/camera/msm_v4l2.c b/drivers/staging/dream/camera/msm_v4l2.c index 46a6eb1cf53f..6a7d46cf11eb 100644 --- a/drivers/staging/dream/camera/msm_v4l2.c +++ b/drivers/staging/dream/camera/msm_v4l2.c @@ -521,13 +521,17 @@ static int msm_v4l2_s_fmt_cap(struct file *f, ctrlcmd->value = pfmt; ctrlcmd->timeout_ms = 10000; - if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) + if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) { + kfree(ctrlcmd); return -1; + } #if 0 /* FIXEME */ - if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420) + if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420) { + kfree(ctrlcmd); return -EINVAL; + } #endif /* Ok, but check other params, too. */ diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c index 5436f7120018..10aef0e59bab 100644 --- a/drivers/staging/dream/camera/msm_vfe8x_proc.c +++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c @@ -967,8 +967,10 @@ vfe_send_af_stats_msg(uint32_t afBufAddress) /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto af_stats_done; + } msg->_d = VFE_MSG_ID_STATS_AUTOFOCUS; msg->_u.msgStatsAf.afBuffer = afBufAddress; @@ -1053,8 +1055,10 @@ static void vfe_send_awb_stats_msg(uint32_t awbBufAddress) /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto awb_stats_done; + } msg->_d = VFE_MSG_ID_STATS_WB_EXP; msg->_u.msgStatsWbExp.awbBuffer = awbBufAddress; @@ -1483,8 +1487,10 @@ static void vfe_send_output2_msg( /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto output2_msg_done; + } msg->_d = VFE_MSG_ID_OUTPUT2; @@ -1518,8 +1524,10 @@ static void vfe_send_output1_msg( /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto output1_msg_done; + } msg->_d = VFE_MSG_ID_OUTPUT1; memmove(&(msg->_u), -- 2.20.1