From: Wenwen Wang <wang6495@umn.edu> To: Wenwen Wang <wang6495@umn.edu> Cc: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, Kees Cook <keescook@chromium.org>, alsa-devel@alsa-project.org (moderated list:SOUND), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] ALSA: usx2y: fix a memory leak bug Date: Sun, 28 Apr 2019 01:42:32 -0500 [thread overview] Message-ID: <1556433754-3291-1-git-send-email-wang6495@umn.edu> (raw) In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb() and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a sanity check is performed for the endpoint in the urb by invoking usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be returned. In that case, however, the created urb and the allocated buffer are not freed, leading to memory leaks. To fix the above issue, free the urb and the buffer if the check fails. Signed-off-by: Wenwen Wang <wang6495@umn.edu> --- sound/usb/usx2y/usbusx2y.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c index da4a5a5..0817018 100644 --- a/sound/usb/usx2y/usbusx2y.c +++ b/sound/usb/usx2y/usbusx2y.c @@ -303,8 +303,11 @@ int usX2Y_In04_init(struct usX2Ydev *usX2Y) usX2Y->In04Buf, 21, i_usX2Y_In04Int, usX2Y, 10); - if (usb_urb_ep_type_check(usX2Y->In04urb)) + if (usb_urb_ep_type_check(usX2Y->In04urb)) { + kfree(usX2Y->In04Buf); + usb_put_urb(usX2Y->In04urb); return -EINVAL; + } return usb_submit_urb(usX2Y->In04urb, GFP_KERNEL); } -- 2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Wenwen Wang <wang6495@umn.edu> To: Wenwen Wang <wang6495@umn.edu> Cc: open list <linux-kernel@vger.kernel.org>, "moderated list:SOUND" <alsa-devel@alsa-project.org>, Takashi Iwai <tiwai@suse.com>, Kees Cook <keescook@chromium.org> Subject: [PATCH] ALSA: usx2y: fix a memory leak bug Date: Sun, 28 Apr 2019 01:42:32 -0500 [thread overview] Message-ID: <1556433754-3291-1-git-send-email-wang6495@umn.edu> (raw) In usX2Y_In04_init(), a new urb is firstly created through usb_alloc_urb() and saved to 'usX2Y->In04urb'. Then, a buffer is allocated through kmalloc() and saved to 'usX2Y->In04Buf'. After the urb is initialized, a sanity check is performed for the endpoint in the urb by invoking usb_urb_ep_type_check(). If the check fails, the error code EINVAL will be returned. In that case, however, the created urb and the allocated buffer are not freed, leading to memory leaks. To fix the above issue, free the urb and the buffer if the check fails. Signed-off-by: Wenwen Wang <wang6495@umn.edu> --- sound/usb/usx2y/usbusx2y.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c index da4a5a5..0817018 100644 --- a/sound/usb/usx2y/usbusx2y.c +++ b/sound/usb/usx2y/usbusx2y.c @@ -303,8 +303,11 @@ int usX2Y_In04_init(struct usX2Ydev *usX2Y) usX2Y->In04Buf, 21, i_usX2Y_In04Int, usX2Y, 10); - if (usb_urb_ep_type_check(usX2Y->In04urb)) + if (usb_urb_ep_type_check(usX2Y->In04urb)) { + kfree(usX2Y->In04Buf); + usb_put_urb(usX2Y->In04urb); return -EINVAL; + } return usb_submit_urb(usX2Y->In04urb, GFP_KERNEL); } -- 2.7.4
next reply other threads:[~2019-04-28 6:49 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-04-28 6:42 Wenwen Wang [this message] 2019-04-28 6:42 ` [PATCH] ALSA: usx2y: fix a memory leak bug Wenwen Wang 2019-04-28 7:18 ` Takashi Iwai 2019-04-29 5:36 ` Takashi Iwai 2019-04-29 5:50 ` Wenwen Wang 2019-04-29 6:42 ` Takashi Iwai 2019-04-29 6:44 ` Wenwen Wang
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1556433754-3291-1-git-send-email-wang6495@umn.edu \ --to=wang6495@umn.edu \ --cc=alsa-devel@alsa-project.org \ --cc=keescook@chromium.org \ --cc=linux-kernel@vger.kernel.org \ --cc=perex@perex.cz \ --cc=tiwai@suse.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.