speedtch usbatm.c,1.43,1.44
Duncan Sands
duncan at infradead.org
Wed May 11 10:59:42 EDT 2005
Update of /home/cvs/speedtch
In directory phoenix.infradead.org:/tmp/cvs-serv8263
Modified Files:
usbatm.c
Log Message:
Plug memory leak. Avoid null dereference. Patch by Roman Kagan.
Index: usbatm.c
===================================================================
RCS file: /home/cvs/speedtch/usbatm.c,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- usbatm.c 11 May 2005 04:28:06 -0000 1.43
+++ usbatm.c 11 May 2005 14:59:39 -0000 1.44
@@ -1036,13 +1036,6 @@
struct usbatm_channel *channel = i < num_rcv_urbs ?
&instance->rx_channel : &instance->tx_channel;
- buffer = kmalloc(channel->buf_size, GFP_KERNEL);
- if (!buffer) {
- dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i);
- goto fail_unbind;
- }
- memset(buffer, 0, channel->buf_size);
-
if (usb_pipeisoc(channel->endpoint)) {
/* don't expect iso out endpoints */
iso_size = usb_maxpacket(instance->usb_dev, channel->endpoint, 0);
@@ -1057,6 +1050,13 @@
goto fail_unbind;
}
+ buffer = kmalloc(channel->buf_size, GFP_KERNEL);
+ if (!buffer) {
+ dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i);
+ goto fail_unbind;
+ }
+ memset(buffer, 0, channel->buf_size);
+
usb_fill_bulk_urb(urb, instance->usb_dev, channel->endpoint,
buffer, channel->buf_size, usbatm_complete, channel);
if (iso_packets) {
@@ -1100,7 +1100,8 @@
instance->driver->unbind(instance, intf);
fail_free:
for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) {
- kfree(instance->urbs[i]->transfer_buffer);
+ if (instance->urbs[i])
+ kfree(instance->urbs[i]->transfer_buffer);
usb_free_urb(instance->urbs[i]);
}
More information about the Usbatm-commits
mailing list