Kernel memleak in jffs2_erase_block() (fs/jffs2/erase.c:78)

Joakim Tjernlund joakim.tjernlund at transmode.se
Mon Nov 12 10:30:50 EST 2007


On Mon, 2007-11-12 at 13:28 +0100, Jörn Engel wrote:
> On Mon, 12 November 2007 13:39:02 +0300, Damir Shayhutdinov wrote:
> > 
> > I'm studying JFFS2 code now, and I believe I've found a kernel memory leak.
> > 
> > fs/jffs2/erase.c:
> > 
> > 76         ret = c->mtd->erase(c->mtd, instr);
> > 77         if (!ret)
> > 78                 return;
> > 
> > In case of ret == 0 (erase succeeded), line 78 leaves the function
> > jffs2_erase_block without kfree-ing previously kmalloc-ed pointer
> > instr (line 50).
> > 
> > So, sizeof(struct erase_info) + sizeof(struct erase_priv_struct) bytes
> > are leaking each time block is erased successfully.
> 
> Makes 64 Bytes, including kmalloc overhead.  On every successful erase.
> David, please apply.
> 
> Jörn

eeh, what about jffs2_erase_callback() as posted previously?
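The shape of the bug being debated is an ownership question: a routine allocates a context structure, hands it to a lower layer, and then returns early on the success path. Whether the kernel code actually leaks depends on who owns `instr` once the asynchronous MTD erase completes (the jffs2_erase_callback() point raised above); the following user-space model, added here as an illustration and not taken from JFFS2 or the thread, shows only the synchronous case, where the caller keeps ownership and an early `return` on success drops the allocation. Names (`mock_erase_info`, `mock_mtd_erase`, `track_alloc`, `count_leaks`) are constructed stand-ins for the kernel types and functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Constructed stand-in for struct erase_info + erase_priv_struct (user space, not kernel code). */
struct mock_erase_info {
    unsigned long addr;
    unsigned long len;
    int state;
};

/* Number of outstanding allocations; a leak shows up as a non-zero value after the work is done. */
static int live_allocs = 0;

static void *track_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

static void track_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Stand-in for c->mtd->erase(): returns 0 on success, a negative errno-style value on failure.
 * In this model the erase completes synchronously and the caller keeps ownership of instr. */
static int mock_mtd_erase(struct mock_erase_info *instr, int force_fail)
{
    (void)instr;
    return force_fail ? -5 /* -EIO */ : 0;
}

/* Leaky shape: the success path returns without releasing instr. */
static void erase_block_leaky(int force_fail)
{
    struct mock_erase_info *instr = track_alloc(sizeof *instr);
    if (!instr)
        return;
    int ret = mock_mtd_erase(instr, force_fail);
    if (!ret)
        return;                 /* instr is still allocated here: the leak */
    fprintf(stderr, "erase failed: %d\n", ret);
    track_free(instr);          /* only the error path releases it */
}

/* Fixed shape: one owner, one release point that every path reaches. */
static void erase_block_fixed(int force_fail)
{
    struct mock_erase_info *instr = track_alloc(sizeof *instr);
    if (!instr)
        return;
    int ret = mock_mtd_erase(instr, force_fail);
    if (ret)
        fprintf(stderr, "erase failed: %d\n", ret);
    track_free(instr);          /* reached on success and on failure */
}

/* Run n successful erases through the given routine and report allocations still live. */
static int count_leaks(void (*erase_block)(int), int n)
{
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        erase_block(0);         /* 0 = erase succeeds */
    return live_allocs;
}

int main(void)
{
    printf("leaky variant after 100 erases: %d live allocations\n", count_leaks(erase_block_leaky, 100));
    printf("fixed variant after 100 erases: %d live allocations\n", count_leaks(erase_block_fixed, 100));
    return 0;
}
```

The counter stands in for what kmemleak or a slab-usage graph would show in a running kernel: a structure that is allocated per erase but whose live count grows with the number of successful erases. If instead the lower layer takes ownership and frees the structure from its completion callback, the early return is correct and the caller freeing it would be a double free, which is why the ownership rule has to be settled before either path is called a bug.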