summaryrefslogtreecommitdiffstats
path: root/drivers/usb/host/whci/qset.c
diff options
context:
space:
mode:
authorAlexey Khoroshilov2012-08-08 10:53:07 +0200
committerGreg Kroah-Hartman2012-08-10 21:06:39 +0200
commit05f2b3912323b4130dbf6d5091601d9ca3aaf119 (patch)
treeb92d2ba4a7244ed594cb717334004190c9b376ec /drivers/usb/host/whci/qset.c
parentwusb: Fix potential memory leak in wusb_dev_sec_add() (diff)
downloadkernel-qcow2-linux-05f2b3912323b4130dbf6d5091601d9ca3aaf119.tar.gz
kernel-qcow2-linux-05f2b3912323b4130dbf6d5091601d9ca3aaf119.tar.xz
kernel-qcow2-linux-05f2b3912323b4130dbf6d5091601d9ca3aaf119.zip
USB: whci-hcd: Fix potential memory leak in qset_add_urb_sg()
Do not leak memory by updating pointer with potentially NULL realloc return value. By the way remove unused local variable: struct whc_page_list_entry *entry; More precisely, it was used to increment uninitialized value within one of cycles. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/usb/host/whci/qset.c')
-rw-r--r--drivers/usb/host/whci/qset.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/drivers/usb/host/whci/qset.c b/drivers/usb/host/whci/qset.c
index 76083ae92138..dc31c425ce01 100644
--- a/drivers/usb/host/whci/qset.c
+++ b/drivers/usb/host/whci/qset.c
@@ -436,7 +436,7 @@ static int qset_add_urb_sg(struct whc *whc, struct whc_qset *qset, struct urb *u
int i;
int ntds = 0;
struct whc_std *std = NULL;
- struct whc_page_list_entry *entry;
+ struct whc_page_list_entry *new_pl_virt;
dma_addr_t prev_end = 0;
size_t pl_len;
int p = 0;
@@ -508,12 +508,15 @@ static int qset_add_urb_sg(struct whc *whc, struct whc_qset *qset, struct urb *u
pl_len = std->num_pointers * sizeof(struct whc_page_list_entry);
- std->pl_virt = krealloc(std->pl_virt, pl_len, mem_flags);
- if (std->pl_virt == NULL) {
+ new_pl_virt = krealloc(std->pl_virt, pl_len, mem_flags);
+ if (new_pl_virt == NULL) {
+ kfree(std->pl_virt);
+ std->pl_virt = NULL;
return -ENOMEM;
}
+ std->pl_virt = new_pl_virt;
- for (;p < std->num_pointers; p++, entry++) {
+ for (;p < std->num_pointers; p++) {
std->pl_virt[p].buf_ptr = cpu_to_le64(dma_addr);
dma_addr = (dma_addr + WHCI_PAGE_SIZE) & ~(WHCI_PAGE_SIZE-1);
}