(nuttx) branch master updated: drivers/analog: fix dead free and memory leak in mcp48xx and mcp47x6.

[cederom]

This is an automated email from the ASF dual-hosted git repository.

cederom pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new fa1589a697b drivers/analog: fix dead free and memory leak in mcp48xx 
and mcp47x6.
fa1589a697b is described below

commit fa1589a697b38be5619cd801dc795d38b4461235
Author: hanzhijian <hanzhij...@zepp.com>
AuthorDate: Thu May 28 00:49:07 2026 +0800

    drivers/analog: fix dead free and memory leak in mcp48xx and mcp47x6.
    
    mcp48xx_initialize() and mcp47x6_initialize() share the same two bugs
    in their allocation error paths:
    
    1. Dead code: when the first kmm_malloc() fails and priv is NULL, the
       code calls free(priv) which is a no-op on NULL.  Remove it.
    
    2. Memory leak: when the second kmm_malloc() fails (dacdev), the
       function returns NULL without freeing the already-allocated priv.
       Add kmm_free(priv) before the return.
    
    Signed-off-by: hanzj <hanzhij...@zepp.com>
---
 drivers/analog/mcp47x6.c | 2 +-
 drivers/analog/mcp48xx.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/analog/mcp47x6.c b/drivers/analog/mcp47x6.c
index b18a60ad4b3..c96648de5df 100644
--- a/drivers/analog/mcp47x6.c
+++ b/drivers/analog/mcp47x6.c
@@ -438,7 +438,6 @@ FAR struct dac_dev_s *mcp47x6_initialize(FAR struct 
i2c_master_s *i2c,
   if (priv == NULL)
     {
       aerr("ERROR: Failed to allocate mcp47x6_dev_s instance\n");
-      free(priv);
       return NULL;
     }
 
@@ -446,6 +445,7 @@ FAR struct dac_dev_s *mcp47x6_initialize(FAR struct 
i2c_master_s *i2c,
   if (dacdev == NULL)
     {
       aerr("ERROR: Failed to allocate dac_dev_s instance\n");
+      kmm_free(priv);
       return NULL;
     }
 
diff --git a/drivers/analog/mcp48xx.c b/drivers/analog/mcp48xx.c
index 7d86831a88b..52c75917acf 100644
--- a/drivers/analog/mcp48xx.c
+++ b/drivers/analog/mcp48xx.c
@@ -344,7 +344,6 @@ FAR struct dac_dev_s *mcp48xx_initialize(FAR struct 
spi_dev_s *spi,
   if (priv == NULL)
     {
       aerr("ERROR: Failed to allocate mcp48xx_dev_s instance\n");
-      free(priv);
       return NULL;
     }
 
@@ -352,6 +351,7 @@ FAR struct dac_dev_s *mcp48xx_initialize(FAR struct 
spi_dev_s *spi,
   if (dacdev == NULL)
     {
       aerr("ERROR: Failed to allocate dac_dev_s instance\n");
+      kmm_free(priv);
       return NULL;
     }