On 10/16/11 17:46 , Pawel Jakub Dawidek wrote:
On Sat, Oct 15, 2011 at 03:57:56PM +0000, Christian Brueffer wrote:
Author: brueffer
Date: Sat Oct 15 15:57:55 2011
New Revision: 226398
URL: http://svn.freebsd.org/changeset/base/226398
Log:
Properly free resources in an error case.
CID: 4203
Found with: Coverity Prevent(tm)
MFC after: 1 week
Modified:
head/sys/dev/iicbus/iic.c
Modified: head/sys/dev/iicbus/iic.c
==============================================================================
--- head/sys/dev/iicbus/iic.c Sat Oct 15 15:21:33 2011 (r226397)
+++ head/sys/dev/iicbus/iic.c Sat Oct 15 15:57:55 2011 (r226398)
@@ -348,8 +348,10 @@ iicioctl(struct cdev *dev, u_long cmd, c
buf = malloc(sizeof(*d->msgs) * d->nmsgs, M_TEMP, M_WAITOK);
usrbufs = malloc(sizeof(void *) * d->nmsgs, M_TEMP, M_ZERO |
M_WAITOK);
error = copyin(d->msgs, buf, sizeof(*d->msgs) * d->nmsgs);
- if (error)
+ if (error) {
+ free(usrbufs, M_TEMP);
break;
+ }
I think that better fix is to move usrbufs allocation after copyin(), as
usrbufs is not used there.
Agreed, how about the attached patch?
Index: iic.c
===================================================================
--- iic.c (revision 226398)
+++ iic.c (working copy)
@@ -346,13 +346,11 @@
case I2CRDWR:
buf = malloc(sizeof(*d->msgs) * d->nmsgs, M_TEMP, M_WAITOK);
- usrbufs = malloc(sizeof(void *) * d->nmsgs, M_TEMP, M_ZERO |
M_WAITOK);
error = copyin(d->msgs, buf, sizeof(*d->msgs) * d->nmsgs);
- if (error) {
- free(usrbufs, M_TEMP);
+ if (error)
break;
- }
/* Alloc kernel buffers for userland data, copyin write data */
+ usrbufs = malloc(sizeof(void *) * d->nmsgs, M_TEMP, M_ZERO |
M_WAITOK);
for (i = 0; i < d->nmsgs; i++) {
m = &((struct iic_msg *)buf)[i];
usrbufs[i] = m->buf;
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"