From: Wenwen Wang <wang6495@umn.edu>
To: Wenwen Wang <wang6495@umn.edu>
Cc: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Kees Cook <keescook@chromium.org>,
alsa-devel@alsa-project.org (moderated list:SOUND),
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] ALSA: usx2y: fix a memory leak bug
Date: Sun, 28 Apr 2019 01:42:32 -0500 [thread overview]
Message-ID: <1556433754-3291-1-git-send-email-wang6495@umn.edu> (raw)
In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
sanity check is performed for the endpoint in the urb by invoking
usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
returned. In that case, however, the created urb and the allocated buffer
are not freed, leading to memory leaks.
To fix the above issue, free the urb and the buffer if the check fails.
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
---
sound/usb/usx2y/usbusx2y.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index da4a5a5..0817018 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -303,8 +303,11 @@ int usX2Y_In04_init(struct usX2Ydev *usX2Y)
usX2Y->In04Buf, 21,
i_usX2Y_In04Int, usX2Y,
10);
- if (usb_urb_ep_type_check(usX2Y->In04urb))
+ if (usb_urb_ep_type_check(usX2Y->In04urb)) {
+ kfree(usX2Y->In04Buf);
+ usb_put_urb(usX2Y->In04urb);
return -EINVAL;
+ }
return usb_submit_urb(usX2Y->In04urb, GFP_KERNEL);
}
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Wenwen Wang <wang6495@umn.edu>
To: Wenwen Wang <wang6495@umn.edu>
Cc: open list <linux-kernel@vger.kernel.org>,
"moderated list:SOUND" <alsa-devel@alsa-project.org>,
Takashi Iwai <tiwai@suse.com>, Kees Cook <keescook@chromium.org>
Subject: [PATCH] ALSA: usx2y: fix a memory leak bug
Date: Sun, 28 Apr 2019 01:42:32 -0500 [thread overview]
Message-ID: <1556433754-3291-1-git-send-email-wang6495@umn.edu> (raw)
In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb()
and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through
kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a
sanity check is performed for the endpoint in the urb by invoking
usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be
returned. In that case, however, the created urb and the allocated buffer
are not freed, leading to memory leaks.
To fix the above issue, free the urb and the buffer if the check fails.
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
---
sound/usb/usx2y/usbusx2y.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index da4a5a5..0817018 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -303,8 +303,11 @@ int usX2Y_In04_init(struct usX2Ydev *usX2Y)
usX2Y->In04Buf, 21,
i_usX2Y_In04Int, usX2Y,
10);
- if (usb_urb_ep_type_check(usX2Y->In04urb))
+ if (usb_urb_ep_type_check(usX2Y->In04urb)) {
+ kfree(usX2Y->In04Buf);
+ usb_put_urb(usX2Y->In04urb);
return -EINVAL;
+ }
return usb_submit_urb(usX2Y->In04urb, GFP_KERNEL);
}
--
2.7.4
next reply other threads:[~2019-04-28 6:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-28 6:42 Wenwen Wang [this message]
2019-04-28 6:42 ` [PATCH] ALSA: usx2y: fix a memory leak bug Wenwen Wang
2019-04-28 7:18 ` Takashi Iwai
2019-04-29 5:36 ` Takashi Iwai
2019-04-29 5:50 ` Wenwen Wang
2019-04-29 6:42 ` Takashi Iwai
2019-04-29 6:44 ` Wenwen Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1556433754-3291-1-git-send-email-wang6495@umn.edu \
--to=wang6495@umn.edu \
--cc=alsa-devel@alsa-project.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.