Changeset ae754e5f in mainline


Ignore:
Timestamp:
2011-10-31T10:44:12Z (12 years ago)
Author:
Jan Vesely <jano.vesely@…>
Branches:
lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export
Children:
10059a68
Parents:
3562cd18
Message:

libusbdev: Fix memory leak and possible double free in error path.

We need child_fun to be valid pointer otherwise the ddf_fun create allocated
memory is unreachable.
ddf_fun_create str_dups name so free it asap.
It's driver_data that needs to be protected from free as we now nothing about that place in this function.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • uspace/lib/usbdev/src/recognise.c

    r3562cd18 rae754e5f  
    350350    ddf_dev_ops_t *dev_ops, void *dev_data, ddf_fun_t **child_fun)
    351351{
     352        if (child_fun == NULL)
     353                return EINVAL;
     354
    352355        size_t this_device_name_index;
    353356
     
    389392
    390393        child = ddf_fun_create(parent, fun_inner, child_name);
     394        free(child_name);
    391395        if (child == NULL) {
    392396                rc = ENOMEM;
     
    412416        }
    413417
    414         if (child_fun != NULL) {
    415                 *child_fun = child;
    416         }
    417 
     418        *child_fun = child;
    418419        return EOK;
    419420
    420421failure:
    421422        if (child != NULL) {
    422                 child->name = NULL;
     423                /* This was not malloced by us, does not even have to be
     424                 * on heap. */
     425                child->driver_data = NULL;
    423426                /* This takes care of match_id deallocation as well. */
    424427                ddf_fun_destroy(child);
    425428        }
    426         if (child_name != NULL) {
    427                 free(child_name);
    428         }
    429429
    430430        return rc;
Note: See TracChangeset for help on using the changeset viewer.