[alsa-devel] [PATCH] ALSA: pcm: fix a memory leak bug
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'rt' before returning the error.
Signed-off-by: Wenwen Wang wenwen@cs.uga.edu --- sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler); - if (ret < 0) + if (ret < 0) { + kfree(rt); return ret; + } }
ret = snd_pcm_new(chip->card, "USB-SPDIF Audio", 0, 1, 0, &pcm);
On Wed, 07 Aug 2019 08:15:17 +0200, Wenwen Wang wrote:
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'rt' before returning the error.
Signed-off-by: Wenwen Wang wenwen@cs.uga.edu
sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler);
if (ret < 0)
if (ret < 0) {kfree(rt); return ret;}
Unfortunately this still leaves some memory. We need to release rt->out_urbs[], too. The relevant code is already in hiface_pcm_destroy(), so factor out the looped kfree() there and call it from both places.
Care to resubmit with more fixes?
thanks,
Takashi
On Wed, Aug 7, 2019 at 2:33 AM Takashi Iwai tiwai@suse.de wrote:
On Wed, 07 Aug 2019 08:15:17 +0200, Wenwen Wang wrote:
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'rt' before returning the error.
Signed-off-by: Wenwen Wang wenwen@cs.uga.edu
sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler);
if (ret < 0)
if (ret < 0) {kfree(rt); return ret;}Unfortunately this still leaves some memory. We need to release rt->out_urbs[], too. The relevant code is already in hiface_pcm_destroy(), so factor out the looped kfree() there and call it from both places.
Care to resubmit with more fixes?
Thanks for your comments! I also found this issue, and am working on another patch to fix it.
Wenwen
participants (2)
-
Takashi Iwai -
Wenwen Wang