Message ID | 20190322134348.15048-1-yuehaibing@huawei.com |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | [v2] dccp: Fix memleak in __feat_register_sp | expand |
From: Yue Haibing <yuehaibing@huawei.com> Date: Fri, 22 Mar 2019 21:43:48 +0800 > From: YueHaibing <yuehaibing@huawei.com> > > If dccp_feat_push_change fails, we forget free the mem > which is alloced by kmemdup in dccp_feat_clone_sp_val. > > Reported-by: Hulk Robot <hulkci@huawei.com> > Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > --- > v2: kfree 'val --> 'fval' Don't submit any patches for at least 2 days, I am getting really tired of changes you don't even COMPILE TEST: CC [M] net/dccp/feat.o net/dccp/feat.c: In function ‘__feat_register_sp’: net/dccp/feat.c:742:13: error: invalid type argument of ‘->’ (have ‘dccp_feat_val’ {aka ‘union <anonymous>’}) kfree(fval->sp.vec); ^~
On 2019/3/25 8:12, David Miller wrote: > From: Yue Haibing <yuehaibing@huawei.com> > Date: Fri, 22 Mar 2019 21:43:48 +0800 > >> From: YueHaibing <yuehaibing@huawei.com> >> >> If dccp_feat_push_change fails, we forget free the mem >> which is alloced by kmemdup in dccp_feat_clone_sp_val. >> >> Reported-by: Hulk Robot <hulkci@huawei.com> >> Fixes: e8ef967a54f4 ("dccp: Registration routines for changing feature values") >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- >> v2: kfree 'val --> 'fval' > > Don't submit any patches for at least 2 days, I am getting really tired of > changes you don't even COMPILE TEST: > > CC [M] net/dccp/feat.o > net/dccp/feat.c: In function ‘__feat_register_sp’: > net/dccp/feat.c:742:13: error: invalid type argument of ‘->’ (have ‘dccp_feat_val’ {aka ‘union <anonymous>’}) > kfree(fval->sp.vec); > I'm very sorry for this, will self-reflection. ^~ >
diff --git a/net/dccp/feat.c b/net/dccp/feat.c index f227f00..03275b2 100644 --- a/net/dccp/feat.c +++ b/net/dccp/feat.c @@ -738,7 +738,12 @@ static int __feat_register_sp(struct list_head *fn, u8 feat, u8 is_local, if (dccp_feat_clone_sp_val(&fval, sp_val, sp_len)) return -ENOMEM; - return dccp_feat_push_change(fn, feat, is_local, mandatory, &fval); + if (dccp_feat_push_change(fn, feat, is_local, mandatory, &fval)) { + kfree(fval->sp.vec); + return -ENOMEM; + } + + return 0; } /**