Function rtl88eu_download_fw() may leak the memory of the already requested
firmware data due to direct returns in the error paths. Ensure cleanup by
using a centralized exit path. Detected by Coverity CID 1269127.
Signed-off-by: Christian Engelmayer <cenge...@gmx.at>
---
Compile tested only. Applies against branch staging-next.
---
drivers/staging/rtl8188eu/hal/fw.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/rtl8188eu/hal/fw.c
b/drivers/staging/rtl8188eu/hal/fw.c
index 3b2875481fc5..1b57ca49af5f 100644
--- a/drivers/staging/rtl8188eu/hal/fw.c
+++ b/drivers/staging/rtl8188eu/hal/fw.c
@@ -201,17 +201,19 @@ int rtl88eu_download_fw(struct adapter *adapt)
if (fw->size > FW_8188E_SIZE) {
dev_err(device, "Firmware size exceed 0x%X. Check it.\n",
FW_8188E_SIZE);
- return -1;
+ err = -1;
+ goto exit;
}
pfwdata = kzalloc(FW_8188E_SIZE, GFP_KERNEL);
- if (!pfwdata)
- return -ENOMEM;
+ if (!pfwdata) {
+ err = -ENOMEM;
+ goto exit;
+ }
rtlhal->pfirmware = pfwdata;
memcpy(rtlhal->pfirmware, fw->data, fw->size);
rtlhal->fwsize = fw->size;
- release_firmware(fw);
fwsize = rtlhal->fwsize;
pfwheader = (struct rtl92c_firmware_header *)pfwdata;
@@ -232,5 +234,7 @@ int rtl88eu_download_fw(struct adapter *adapt)
err = _rtl88e_fw_free_to_go(adapt);
+exit:
+ release_firmware(fw);
return err;
}
--
1.9.1
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
