Re: [PATCH][hid] Fix a NULL pointer dereference when we fail toallocate memory
From: Jiri Kosina
Date: Mon Jul 30 2007 - 09:46:05 EST
On Sun, 22 Jul 2007, Jiri Slaby wrote:
> > --- a/drivers/hid/usbhid/hid-core.c
> > +++ b/drivers/hid/usbhid/hid-core.c
> > @@ -743,7 +743,7 @@ static struct hid_device *usb_hid_configure(struct usb_interface *intf)
> > hid->quirks = quirks;
> >
> > if (!(usbhid = kzalloc(sizeof(struct usbhid_device), GFP_KERNEL)))
> Out of curiosity, where is this freed?
I have queued the fix below on top of Jesper's patch, thanks.
diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
index 3ff7468..6e73934 100644
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -877,6 +877,7 @@ fail:
usb_free_urb(usbhid->urbin);
usb_free_urb(usbhid->urbout);
usb_free_urb(usbhid->urbctrl);
+ kfree(usbhid);
fail_no_usbhid:
hid_free_buffers(dev, hid);
hid_free_device(hid);
@@ -912,6 +913,7 @@ static void hid_disconnect(struct usb_interface *intf)
usb_free_urb(usbhid->urbin);
usb_free_urb(usbhid->urbctrl);
usb_free_urb(usbhid->urbout);
+ kfree(usbhid);
hid_free_buffers(hid_to_usb_dev(hid), hid);
hid_free_device(hid);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/