[PATCH] drivers/acpi/driver.c

From: Philip Wang (PXWang@stanford.edu)
Date: Mon May 21 2001 - 21:50:41 EST

Next message: Steven Walter: "Re: [Patch] Output of L1,L2 and L3 cache sizes to /proc/cpuinfo"
Previous message: Ricardo Galli: "New XFS, ReiserFS and Ext2 benchmarks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

There is a bug in driver.c of not freeing memory on error
paths. buf.pointer is allocated but not freed if copy_to_user fails. The
addition I made was to kfree buf.pointer before returning -EFAULT. Thanks!

Philip

--- /2.4.4/linux/drivers/acpi/driver.c Fri Feb 9 11:45:58 2001
+++ driver.c Mon May 21 19:21:14 2001
@@ -311,8 +311,10 @@
                size = buf.length - file->f_pos;
                if (size > *len)
                        size = *len;
- if (copy_to_user(buffer, data, size))
- return -EFAULT;
+ if (copy_to_user(buffer, data, size)) {
+ kfree(buf.pointer);
+ return -EFAULT;
+ }
        }

kfree(buf.pointer);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Walter: "Re: [Patch] Output of L1,L2 and L3 cache sizes to /proc/cpuinfo"
Previous message: Ricardo Galli: "New XFS, ReiserFS and Ext2 benchmarks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 23 2001 - 21:00:44 EST