>Number: 6583
>Category: kernel
>Synopsis: memory leak in usbd_set_config_index()
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 28 15:10:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.8
Details : OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386 Machine : i386 >Description: dev->ifaces is not freed after failure of usbd_fill_iface_data() in usbd_set_config_index(). >How-To-Repeat: >Fix: See the following diff: Index: dev/usb/usb_subr.c =================================================================== RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v retrieving revision 1.73 diff -u -r1.73 usb_subr.c --- dev/usb/usb_subr.c 14 Jan 2009 21:02:57 -0000 1.73 +++ dev/usb/usb_subr.c 22 Mar 2011 13:42:36 -0000 @@ -731,7 +731,7 @@ } DPRINTF(("usbd_set_config_index: (addr %d) cno=%d attr=0x%02x, " "selfpowered=%d, power=%d\n", - cdp->bConfigurationValue, dev->address, cdp->bmAttributes, + dev->address, cdp->bConfigurationValue, cdp->bmAttributes, selfpowered, cdp->bMaxPower * 2)); /* Check if we have enough power. */ @@ -784,7 +784,12 @@ if (err) { while (--ifcidx >= 0) usbd_free_iface_data(dev, ifcidx); - goto bad; + free(dev->ifaces, M_USB); + free(dev->cdesc, M_USB); + dev->ifaces = NULL; + dev->cdesc = NULL; + dev->config = USB_UNCONFIG_NO; + return (err); } } >Release-Note: >Audit-Trail: >Unformatted:
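Review bot: The DPRINTF argument swap in the hunk at -731 is unrelated to the leak named in the synopsis and should go in as its own change. The swap itself matches the format string, which prints "(addr %d)" before "cno=%d", so dev->address does belong first. The description only mentions dev->ifaces, so a reader of the PR would not expect a debug-print fix in the same diff.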
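Review bot: In the hunk at -784, replacing "goto bad;" with an inline cleanup and "return (err);" bypasses whatever the bad label does, and that label is not visible in the diff. Please confirm that nothing done at bad is lost, and that whatever bad frees is the same allocation as dev->cdesc, so the other callers of bad are not left with a dangling dev->cdesc. A single exit path would be easier to audit: free dev->ifaces and reset dev->ifaces, dev->cdesc and dev->config before the jump, then keep "goto bad;", or add a second label above bad for the extra cleanup. The description should also say that the fix resets dev->cdesc and dev->config = USB_UNCONFIG_NO, since it currently only mentions dev->ifaces.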