On Wed, Aug 7, 2019 at 2:33 AM Takashi Iwai <ti...@suse.de> wrote: > > On Wed, 07 Aug 2019 08:15:17 +0200, > Wenwen Wang wrote: > > > > In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later > > on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. > > However, if the initialization fails, 'rt' is not deallocated, leading to a > > memory leak bug. > > > > To fix the above issue, free 'rt' before returning the error. > > > > Signed-off-by: Wenwen Wang <wen...@cs.uga.edu> > > --- > > sound/usb/hiface/pcm.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c > > index 14fc1e1..5dbcd0d 100644 > > --- a/sound/usb/hiface/pcm.c > > +++ b/sound/usb/hiface/pcm.c > > @@ -599,8 +599,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 > > extra_freq) > > for (i = 0; i < PCM_N_URBS; i++) { > > ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, > > hiface_pcm_out_urb_handler); > > - if (ret < 0) > > + if (ret < 0) { > > + kfree(rt); > > return ret; > > + } > > Unfortunately this still leaves some memory. We need to release > rt->out_urbs[], too. The relevant code is already in > hiface_pcm_destroy(), so factor out the looped kfree() there and call > it from both places. > > Care to resubmit with more fixes?
Thanks for your comments! I also found this issue, and am working on another patch to fix it. Wenwen