From julia@diku.dk Wed Jan 21 09:25:13 2009 From: Julia Lawall Date: Thu, 25 Dec 2008 21:10:30 +0100 (CET) Subject: Staging: comedi: introduce missing kfree To: gregkh@suse.de, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Message-ID: From: Julia Lawall Error handling code following a kmalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // @r exists@ local idexpression x; statement S; expression E; identifier f,l; position p1,p2; expression *ptr != NULL; @@ ( if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S | x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...); ... if (x == NULL) S ) <... when != x when != if (...) { <+...x...+> } x->f = E ...> ( return \(0\|<+...x...+>\|ptr\); | return@p2 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; @@ print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line) // Signed-off-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman --- drivers/staging/comedi/drivers/usbdux.c | 6 +++++- drivers/staging/comedi/drivers/usbduxfast.c | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) --- a/drivers/staging/comedi/drivers/usbdux.c +++ b/drivers/staging/comedi/drivers/usbdux.c @@ -2298,7 +2298,7 @@ static int read_firmware(struct usbduxsu struct device *dev = &usbduxsub->interface->dev; int i = 0; unsigned char *fp = (char *)firmwarePtr; - unsigned char *firmwareBinary = NULL; + unsigned char *firmwareBinary; int res = 0; int maxAddr = 0; @@ -2322,6 +2322,7 @@ static int read_firmware(struct usbduxsu j++; if (j >= sizeof(buf)) { dev_err(dev, "comedi_: bogus firmware file!\n"); + kfree(firmwareBinary); return -1; } } @@ -2344,6 +2345,7 @@ static int read_firmware(struct usbduxsu if (buf[0] != ':') { dev_err(dev, "comedi_: upload: not an ihex record: %s", buf); + kfree(firmwareBinary); return -EFAULT; } @@ -2360,6 +2362,7 @@ static int read_firmware(struct usbduxsu if (maxAddr >= FIRMWARE_MAX_LEN) { dev_err(dev, "comedi_: firmware upload goes " "beyond FX2 RAM boundaries.\n"); + kfree(firmwareBinary); return -EFAULT; } /* dev_dbg(dev, "comedi_: off=%x, len=%x:\n", off, len); */ @@ -2375,6 +2378,7 @@ static int read_firmware(struct usbduxsu if (type != 0) { dev_err(dev, "comedi_: unsupported record type: %u\n", type); + kfree(firmwareBinary); return -EFAULT; } --- a/drivers/staging/comedi/drivers/usbduxfast.c +++ b/drivers/staging/comedi/drivers/usbduxfast.c @@ -1298,7 +1298,7 @@ static int read_firmware(usbduxfastsub_t { int i = 0; unsigned char *fp = (char *)firmwarePtr; - unsigned char *firmwareBinary = NULL; + unsigned char *firmwareBinary; int res = 0; int maxAddr = 0; @@ -1322,6 +1322,7 @@ static int read_firmware(usbduxfastsub_t j++; if (j >= sizeof(buf)) { printk("comedi_: usbduxfast: bogus firmware file!\n"); + kfree(firmwareBinary); return -1; } } @@ -1340,6 +1341,7 @@ static int read_firmware(usbduxfastsub_t if (buf[0] != ':') { printk("comedi_: usbduxfast: upload: not an ihex record: %s", buf); + kfree(firmwareBinary); return -EFAULT; } @@ -1355,6 +1357,7 @@ static int read_firmware(usbduxfastsub_t if (maxAddr >= FIRMWARE_MAX_LEN) { printk("comedi_: usbduxfast: firmware upload goes beyond FX2 RAM boundaries."); + kfree(firmwareBinary); return -EFAULT; } //printk("comedi_: usbduxfast: off=%x, len=%x:",off,len); @@ -1369,6 +1372,7 @@ static int read_firmware(usbduxfastsub_t if (type != 0) { printk("comedi_: usbduxfast: unsupported record type: %u\n", type); + kfree(firmwareBinary); return -EFAULT; }