[PATCH next] ASoC: sma1307: Fix error handling in sma1307_setting_loaded()

From: Dan Carpenter
Date: Fri Mar 21 2025 - 10:36:16 EST

Next message: neil . armstrong: "Re: [PATCH v3 05/10] phy: phy-snps-eusb2: split phy init code"
Previous message: Johan Hovold: "[GIT PULL] USB-serial update for 6.15-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There are a couple bugs in this code:

1) The cleanup code calls kfree(sma1307->set.header) and
kfree(sma1307->set.def) but those functions were allocated using
devm_kzalloc(). It results in a double free. Delete all these
kfree() calls.

2) A missing call to kfree(data) if the checksum was wrong on this error
path:
if ((sma1307->set.checksum >> 8) != SMA1307_SETTING_CHECKSUM) {
Since the "data" pointer is supposed to be freed on every return, I
changed that to use the __free(kfree) cleanup attribute.

Fixes: 0ec6bd16705f ("ASoC: sma1307: Add NULL check in sma1307_setting_loaded()")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
sound/soc/codecs/sma1307.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/sound/soc/codecs/sma1307.c b/sound/soc/codecs/sma1307.c
index f5c303d4bb62..498189ab691c 100644
--- a/sound/soc/codecs/sma1307.c
+++ b/sound/soc/codecs/sma1307.c
@@ -1705,7 +1705,7 @@ static void sma1307_check_fault_worker(struct work_struct *work)
static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *file)
{
const struct firmware *fw;
- int *data, size, offset, num_mode;
+ int size, offset, num_mode;
int ret;

ret = request_firmware(&fw, file, sma1307->dev);
@@ -1722,7 +1722,7 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
return;
}

- data = kzalloc(fw->size, GFP_KERNEL);
+ int *data __free(kfree) = kzalloc(fw->size, GFP_KERNEL);
if (!data) {
release_firmware(fw);
sma1307->set.status = false;
@@ -1742,7 +1742,6 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
sma1307->set.header_size,
GFP_KERNEL);
if (!sma1307->set.header) {
- kfree(data);
sma1307->set.status = false;
return;
}
@@ -1763,8 +1762,6 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
= devm_kzalloc(sma1307->dev,
sma1307->set.def_size * sizeof(int), GFP_KERNEL);
if (!sma1307->set.def) {
- kfree(data);
- kfree(sma1307->set.header);
sma1307->set.status = false;
return;
}
@@ -1782,9 +1779,6 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
sma1307->set.mode_size * 2 * sizeof(int),
GFP_KERNEL);
if (!sma1307->set.mode_set[i]) {
- kfree(data);
- kfree(sma1307->set.header);
- kfree(sma1307->set.def);
for (int j = 0; j < i; j++)
kfree(sma1307->set.mode_set[j]);
sma1307->set.status = false;
@@ -1799,7 +1793,6 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
}
}

- kfree(data);
sma1307->set.status = true;

}
--
2.47.2

Next message: neil . armstrong: "Re: [PATCH v3 05/10] phy: phy-snps-eusb2: split phy init code"
Previous message: Johan Hovold: "[GIT PULL] USB-serial update for 6.15-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]