[PATCH] drivers/acpi/driver.c

Philip Wang (PXWang@stanford.edu)
Mon, 21 May 2001 19:50:41 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steven Walter: "Re: [Patch] Output of L1,L2 and L3 cache sizes to /proc/cpuinfo"
Previous message: Ricardo Galli: "New XFS, ReiserFS and Ext2 benchmarks"

Hello!

There is a bug in driver.c of not freeing memory on error
paths. buf.pointer is allocated but not freed if copy_to_user fails. The
addition I made was to kfree buf.pointer before returning -EFAULT. Thanks!

Philip

--- /2.4.4/linux/drivers/acpi/driver.c Fri Feb 9 11:45:58 2001
+++ driver.c Mon May 21 19:21:14 2001
@@ -311,8 +311,10 @@
size = buf.length - file->f_pos;
if (size > *len)
size = *len;
- if (copy_to_user(buffer, data, size))
- return -EFAULT;
+ if (copy_to_user(buffer, data, size)) {
+ kfree(buf.pointer);
+ return -EFAULT;
+ }
}

kfree(buf.pointer);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Walter: "Re: [Patch] Output of L1,L2 and L3 cache sizes to /proc/cpuinfo"
Previous message: Ricardo Galli: "New XFS, ReiserFS and Ext2 benchmarks"