mt7601u: do not free dma_buf when ivp allocation fails

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If the allocation of ivp fails the error handling attempts to
free an uninitialized dma_buf; this data structure just contains
garbage on the stack, so the freeing will cause issues when the
urb, buf and dma fields are free'd. Fix this by not free'ing the
dma_buf if the ivp allocation fails.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

authored by

Colin Ian King and committed by

Kalle Valo 10 years ago 2b02a36d 354a1947

+3 -1

1 changed file

expand all

drivers

net

wireless

mediatek

mt7601u

mcu.c

+3 -1

drivers/net/wireless/mediatek/mt7601u/mcu.c

··· 362 362 int i, ret; 363 363 364 364 ivb = kmemdup(fw->ivb, sizeof(fw->ivb), GFP_KERNEL); 365 - if (!ivb || mt7601u_usb_alloc_buf(dev, MCU_FW_URB_SIZE, &dma_buf)) { 365 + if (!ivb) 366 + return -ENOMEM; 367 + if (mt7601u_usb_alloc_buf(dev, MCU_FW_URB_SIZE, &dma_buf)) { 366 368 ret = -ENOMEM; 367 369 goto error; 368 370 }