| From 4bff7208f332b2b1d7cf1338e50527441283a198 Mon Sep 17 00:00:00 2001 |
| From: Tomas Winkler <tomas.winkler@intel.com> |
| Date: Mon, 21 Oct 2013 22:05:38 +0300 |
| Subject: mei: nfc: fix memory leak in error path |
| |
| From: Tomas Winkler <tomas.winkler@intel.com> |
| |
| commit 4bff7208f332b2b1d7cf1338e50527441283a198 upstream. |
| |
| The flow may reach the err label without freeing cl and cl_info |
| |
| cl and cl_info weren't assigned to ndev->cl and cl_info |
| so they weren't freed in mei_nfc_free called on error path |
| |
| Cc: Samuel Ortiz <sameo@linux.intel.com> |
| Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/misc/mei/nfc.c | 10 ++++++---- |
| 1 file changed, 6 insertions(+), 4 deletions(-) |
| |
| --- a/drivers/misc/mei/nfc.c |
| +++ b/drivers/misc/mei/nfc.c |
| @@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device |
| if (ndev->cl_info) |
| return 0; |
| |
| - cl_info = mei_cl_allocate(dev); |
| - cl = mei_cl_allocate(dev); |
| + ndev->cl_info = mei_cl_allocate(dev); |
| + ndev->cl = mei_cl_allocate(dev); |
| + |
| + cl = ndev->cl; |
| + cl_info = ndev->cl_info; |
| |
| if (!cl || !cl_info) { |
| ret = -ENOMEM; |
| @@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device |
| |
| cl->device_uuid = mei_nfc_guid; |
| |
| + |
| list_add_tail(&cl->device_link, &dev->device_list); |
| |
| - ndev->cl_info = cl_info; |
| - ndev->cl = cl; |
| ndev->req_id = 1; |
| |
| INIT_WORK(&ndev->init_work, mei_nfc_init); |