From julia@diku.dk  Wed Jan 21 09:25:13 2009
From: Julia Lawall <julia@diku.dk>
Date: Thu, 25 Dec 2008 21:10:30 +0100 (CET)
Subject: Staging: comedi: introduce missing kfree
To: gregkh@suse.de, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Message-ID: <Pine.LNX.4.64.0812252109580.31651@ask.diku.dk>


From: Julia Lawall <julia@diku.dk>

Error handling code following a kmalloc should free the allocated data.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,l;
position p1,p2;
expression *ptr != NULL;
@@

(
if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S
|
x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
)
<... when != x
     when != if (...) { <+...x...+> }
x->f = E
...>
(
 return \(0\|<+...x...+>\|ptr\);
|
 return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/staging/comedi/drivers/usbdux.c     |    6 +++++-
 drivers/staging/comedi/drivers/usbduxfast.c |    6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/staging/comedi/drivers/usbdux.c
+++ b/drivers/staging/comedi/drivers/usbdux.c
@@ -2298,7 +2298,7 @@ static int read_firmware(struct usbduxsu
 	struct device *dev = &usbduxsub->interface->dev;
 	int i = 0;
 	unsigned char *fp = (char *)firmwarePtr;
-	unsigned char *firmwareBinary = NULL;
+	unsigned char *firmwareBinary;
 	int res = 0;
 	int maxAddr = 0;
 
@@ -2322,6 +2322,7 @@ static int read_firmware(struct usbduxsu
 			j++;
 			if (j >= sizeof(buf)) {
 				dev_err(dev, "comedi_: bogus firmware file!\n");
+				kfree(firmwareBinary);
 				return -1;
 			}
 		}
@@ -2344,6 +2345,7 @@ static int read_firmware(struct usbduxsu
 		if (buf[0] != ':') {
 			dev_err(dev, "comedi_: upload: not an ihex record: %s",
 				buf);
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}
 
@@ -2360,6 +2362,7 @@ static int read_firmware(struct usbduxsu
 		if (maxAddr >= FIRMWARE_MAX_LEN) {
 			dev_err(dev, "comedi_: firmware upload goes "
 				"beyond FX2 RAM boundaries.\n");
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}
 		/* dev_dbg(dev, "comedi_: off=%x, len=%x:\n", off, len); */
@@ -2375,6 +2378,7 @@ static int read_firmware(struct usbduxsu
 		if (type != 0) {
 			dev_err(dev, "comedi_: unsupported record type: %u\n",
 				type);
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}
 
--- a/drivers/staging/comedi/drivers/usbduxfast.c
+++ b/drivers/staging/comedi/drivers/usbduxfast.c
@@ -1298,7 +1298,7 @@ static int read_firmware(usbduxfastsub_t
 {
 	int i = 0;
 	unsigned char *fp = (char *)firmwarePtr;
-	unsigned char *firmwareBinary = NULL;
+	unsigned char *firmwareBinary;
 	int res = 0;
 	int maxAddr = 0;
 
@@ -1322,6 +1322,7 @@ static int read_firmware(usbduxfastsub_t
 			j++;
 			if (j >= sizeof(buf)) {
 				printk("comedi_: usbduxfast: bogus firmware file!\n");
+				kfree(firmwareBinary);
 				return -1;
 			}
 		}
@@ -1340,6 +1341,7 @@ static int read_firmware(usbduxfastsub_t
 
 		if (buf[0] != ':') {
 			printk("comedi_: usbduxfast: upload: not an ihex record: %s", buf);
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}
 
@@ -1355,6 +1357,7 @@ static int read_firmware(usbduxfastsub_t
 
 		if (maxAddr >= FIRMWARE_MAX_LEN) {
 			printk("comedi_: usbduxfast: firmware upload goes beyond FX2 RAM boundaries.");
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}
 		//printk("comedi_: usbduxfast: off=%x, len=%x:",off,len);
@@ -1369,6 +1372,7 @@ static int read_firmware(usbduxfastsub_t
 
 		if (type != 0) {
 			printk("comedi_: usbduxfast: unsupported record type: %u\n", type);
+			kfree(firmwareBinary);
 			return -EFAULT;
 		}