diff options
author | Duncan Sands <duncan.sands@math.u-psud.fr> | 2005-05-27 10:00:08 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2005-06-27 14:43:58 -0700 |
commit | 65412e48e21ff4fdaf2aea1565ef4fb3ef5262ce (patch) | |
tree | 084813b21b98aed0ef97db6160663e5abff0991a /drivers/usb | |
parent | e20d6645f794b51835e6f740a5b6f95c7e3fd843 (diff) | |
download | lwn-65412e48e21ff4fdaf2aea1565ef4fb3ef5262ce.tar.gz lwn-65412e48e21ff4fdaf2aea1565ef4fb3ef5262ce.zip |
[PATCH] USB ATM: avoid oops on bind failure; plug memory leak
Zero the entire instance, not just the struct usbatm_data head.
Make sure the just allocated urb is freed if we fail to allocate
a buffer. Based on a patch by Stanislaw W. Gruszka.
Signed-off-by: Duncan Sands <baldrick@free.fr>
Acked-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb')
-rw-r--r-- | drivers/usb/atm/usbatm.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c index bb2b5d256e34..b178c800ced8 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -949,6 +949,7 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, struct usb_device *usb_dev = interface_to_usbdev(intf); struct usbatm_data *instance; char *buf; + size_t instance_size = sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs); int error = -ENOMEM; int i, length; int need_heavy; @@ -960,14 +961,13 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, intf->altsetting->desc.bInterfaceNumber); /* instance init */ - instance = kmalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs), - GFP_KERNEL); + instance = kmalloc(instance_size, GFP_KERNEL); if (!instance) { dev_dbg(dev, "%s: no memory for instance data!\n", __func__); return -ENOMEM; } - memset(instance, 0, sizeof(*instance)); + memset(instance, 0, instance_size); /* public fields */ @@ -1051,6 +1051,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, goto fail_unbind; } + instance->urbs[i] = urb; + buffer = kmalloc(channel->buf_size, GFP_KERNEL); if (!buffer) { dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i); @@ -1078,7 +1080,6 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, vdbg("%s: alloced buffer 0x%p buf size %u urb 0x%p", __func__, urb->transfer_buffer, urb->transfer_buffer_length, urb); - instance->urbs[i] = urb; } if (need_heavy && driver->heavy_init) { |