From b7378b9ed641b9e39f613d22c762a8ac2a15b8b8 Mon Sep 17 00:00:00 2001 From: Vasiliy Kulikov Date: Sun, 3 Oct 2010 21:58:46 +0400 Subject: [PATCH] staging: ft1000: fix error path init_ft1000_netdev() calls kfree(netdev) instead of free_netdev(netdev). It doesn't check kmalloc() return value. ft1000_read_fifo_reg() doesn't free dr on error and calls kfree(urb) instead of usb_free_urb(urb). Also kfree(NULL) is OK. Signed-off-by: Vasiliy Kulikov Signed-off-by: Greg Kroah-Hartman --- drivers/staging/ft1000/ft1000-usb/ft1000_hw.c | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c b/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c index 44395c0d8821..1f3317c4b1c5 100644 --- a/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c +++ b/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c @@ -991,6 +991,7 @@ u16 init_ft1000_netdev(struct ft1000_device *ft1000dev) FT1000_INFO *pInfo = NULL; PDPRAM_BLK pdpram_blk; int i; + struct list_head *cur, *tmp; gCardIndex=0; //mbelian @@ -1026,7 +1027,7 @@ u16 init_ft1000_netdev(struct ft1000_device *ft1000dev) } else { printk(KERN_ERR "ft1000: Invalid device name\n"); - kfree(netdev); + free_netdev(netdev); return STATUS_FAILURE; } } @@ -1099,8 +1100,14 @@ u16 init_ft1000_netdev(struct ft1000_device *ft1000dev) for (i=0; ipbuffer = kmalloc ( MAX_CMD_SQSIZE, GFP_KERNEL ); + if (pdpram_blk->pbuffer == NULL) { + kfree(pdpram_blk); + goto err_free; + } // link provisioning data list_add_tail (&pdpram_blk->list, &freercvpool); } @@ -1109,6 +1116,15 @@ u16 init_ft1000_netdev(struct ft1000_device *ft1000dev) return STATUS_SUCCESS; + +err_free: + list_for_each_safe(cur, tmp, &pdpram_blk->list) { + pdpram_blk = list_entry(cur, DPRAM_BLK, list); + list_del(&pdpram_blk->list); + kfree(pdpram_blk->pbuffer); + kfree(pdpram_blk); + } + return STATUS_FAILURE; } @@ -1265,7 +1281,8 @@ static int ft1000_read_fifo_reg(struct ft1000_device *ft1000dev,unsigned int pip if(!urb || !dr) { - if(urb) kfree(urb); + kfree(dr); + usb_free_urb(urb); spin_unlock(&ft1000dev->device_lock); return -ENOMEM; } -- 2.20.1