[alsa-devel] [PATCH] ALSA: pcm: fix a memory leak bug
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug. To fix the above issue, free 'rt' before returning the error. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler); - if (ret < 0) + if (ret < 0) { + kfree(rt); return ret; + } } ret = snd_pcm_new(chip->card, "USB-SPDIF Audio", 0, 1, 0, &pcm); -- 2.7.4
On Wed, 07 Aug 2019 08:15:17 +0200, Wenwen Wang wrote:
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'rt' before returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler); - if (ret < 0) + if (ret < 0) { + kfree(rt); return ret; + }
Unfortunately this still leaves some memory. We need to release rt->out_urbs[], too. The relevant code is already in hiface_pcm_destroy(), so factor out the looped kfree() there and call it from both places. Care to resubmit with more fixes? thanks, Takashi
On Wed, Aug 7, 2019 at 2:33 AM Takashi Iwai <tiwai@suse.de> wrote:
On Wed, 07 Aug 2019 08:15:17 +0200, Wenwen Wang wrote:
In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. However, if the initialization fails, 'rt' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'rt' before returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- sound/usb/hiface/pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1..5dbcd0d 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) for (i = 0; i < PCM_N_URBS; i++) { ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler); - if (ret < 0) + if (ret < 0) { + kfree(rt); return ret; + }
Unfortunately this still leaves some memory. We need to release rt->out_urbs[], too. The relevant code is already in hiface_pcm_destroy(), so factor out the looped kfree() there and call it from both places.
Care to resubmit with more fixes?
Thanks for your comments! I also found this issue, and am working on another patch to fix it. Wenwen
participants (2)
-
Takashi Iwai -
Wenwen Wang