On Mon, Sep 16, 2019 at 09:41:43PM -0500, Navid Emamdoost wrote:
In das1800_attach, the buffer allocated via kmalloc_array needs to be
released if an error happens.
Signed-off-by: Navid Emamdoost <navid.emamdoost@xxxxxxxxx>
Commedit calls ->detach() if the ->attach() fails so this patch would
lead to a double free. See comedi_device_attach():
drivers/staging/comedi/drivers.c
983 }
984 if (!driv->attach) {
985 /* driver does not support manual configuration */
986 dev_warn(dev->class_dev,
987 "driver '%s' does not support attach using comedi_config\n",
988 driv->driver_name);
989 module_put(driv->module);
990 ret = -EIO;
991 goto out;
992 }
993 dev->driver = driv;
994 dev->board_name = dev->board_ptr ? *(const char **)dev->board_ptr
995 : dev->driver->driver_name;
996 ret = driv->attach(dev, it);
^^^^^^^^^^^^^^^^^^^^^
997 if (ret >= 0)
998 ret = comedi_device_postconfig(dev);
999 if (ret < 0) {
1000 comedi_device_detach(dev);
^^^^^^^^^^^^^^^^^^^^^^^^^
1001 module_put(driv->module);
1002 }
1003 /* On success, the driver module count has been incremented. */