Jonathan Gray
unread,May 6, 2013, 10:09:22 PM5/6/13You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
On Sun, May 05, 2013 at 01:30:05PM +0100, Federico Schwindt wrote:
>
> there are more cases in mfi_bio_getitall() where the second allocated cfg
> (ld_det as well) might not be freed if something goes wrong.
>
> f.-
Well there is one more case and then after that sc->sc_cfg is set
to cfg so we shouldn't leak anything else?
Index: mfi.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/mfi.c,v
retrieving revision 1.144
diff -u -p -r1.144 mfi.c
--- mfi.c 3 May 2013 02:46:28 -0000 1.144
+++ mfi.c 7 May 2013 02:00:01 -0000
@@ -1470,8 +1470,10 @@ mfi_bio_getitall(struct mfi_softc *sc)
if (cfg == NULL)
goto done;
if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, sizeof *cfg, cfg,
- NULL))
+ NULL)) {
+ free(cfg, M_DEVBUF);
goto done;
+ }
size = cfg->mfc_size;
free(cfg, M_DEVBUF);
@@ -1480,8 +1482,10 @@ mfi_bio_getitall(struct mfi_softc *sc)
cfg = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
if (cfg == NULL)
goto done;
- if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, size, cfg, NULL))
+ if (mfi_mgmt(sc, MR_DCMD_CONF_GET, MFI_DATA_IN, size, cfg, NULL)) {
+ free(cfg, M_DEVBUF);
goto done;
+ }
/* replace current pointer with enw one */
if (sc->sc_cfg)