The length of the configuration descriptor is already used in
usbd_parse_idesc(). The diff below reuses the same pattern to
add the size argument to free(9), ok?
Index: usb_subr.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v
retrieving revision 1.138
diff -u -p -r1.138 usb_subr.c
--- usb_subr.c 19 Jul 2018 12:35:14 -0000 1.138
+++ usb_subr.c 8 Nov 2018 17:31:26 -0000
@@ -647,7 +647,7 @@ usbd_set_config_index(struct usbd_device
for (ifcidx = 0; ifcidx < nifc; ifcidx++)
usbd_free_iface_data(dev, ifcidx);
free(dev->ifaces, M_USB, 0);
- free(dev->cdesc, M_USB, 0);
+ free(dev->cdesc, M_USB, UGETW(dev->cdesc->wTotalLength));
dev->ifaces = NULL;
dev->cdesc = NULL;
dev->config = USB_UNCONFIG_NO;
@@ -1407,7 +1407,7 @@ usb_free_device(struct usbd_device *dev)
free(dev->ifaces, M_USB, 0);
}
if (dev->cdesc != NULL)
- free(dev->cdesc, M_USB, 0);
+ free(dev->cdesc, M_USB, UGETW(dev->cdesc->wTotalLength));
if (dev->subdevs != NULL)
free(dev->subdevs, M_USB, 0);
dev->bus->devices[dev->address] = NULL;
Index: ugen.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/ugen.c,v
retrieving revision 1.98
diff -u -p -r1.98 ugen.c
--- ugen.c 1 May 2018 18:14:46 -0000 1.98
+++ ugen.c 8 Nov 2018 17:00:28 -0000
@@ -1051,12 +1051,12 @@ ugen_do_ioctl(struct ugen_softc *sc, int
return (EINVAL);
idesc = usbd_find_idesc(cdesc, ai->uai_interface_index, 0);
if (idesc == NULL) {
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
return (EINVAL);
}
ai->uai_alt_no = usbd_get_no_alts(cdesc,
idesc->bInterfaceNumber);
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
break;
case USB_GET_DEVICE_DESC:
*(usb_device_descriptor_t *)addr =
@@ -1068,7 +1068,7 @@ ugen_do_ioctl(struct ugen_softc *sc, int
if (cdesc == NULL)
return (EINVAL);
cd->ucd_desc = *cdesc;
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
break;
case USB_GET_INTERFACE_DESC:
id = (struct usb_interface_desc *)addr;
@@ -1082,11 +1082,11 @@ ugen_do_ioctl(struct ugen_softc *sc, int
alt = id->uid_alt_index;
idesc = usbd_find_idesc(cdesc, id->uid_interface_index, alt);
if (idesc == NULL) {
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
return (EINVAL);
}
id->uid_desc = *idesc;
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
break;
case USB_GET_ENDPOINT_DESC:
ed = (struct usb_endpoint_desc *)addr;
@@ -1101,11 +1101,11 @@ ugen_do_ioctl(struct ugen_softc *sc, int
edesc = usbd_find_edesc(cdesc, ed->ued_interface_index,
alt, ed->ued_endpoint_index);
if (edesc == NULL) {
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
return (EINVAL);
}
ed->ued_desc = *edesc;
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
break;
case USB_GET_FULL_DESC:
{
@@ -1130,7 +1130,7 @@ ugen_do_ioctl(struct ugen_softc *sc, int
uio.uio_rw = UIO_READ;
uio.uio_procp = p;
error = uiomove((void *)cdesc, len, &uio);
- free(cdesc, M_TEMP, 0);
+ free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
return (error);
}
case USB_DO_REQUEST:
@@ -1196,8 +1196,7 @@ ugen_do_ioctl(struct ugen_softc *sc, int
}
}
ret:
- if (ptr)
- free(ptr, M_TEMP, len);
+ free(ptr, M_TEMP, len);
return (error);
}
case USB_GET_DEVICEINFO:
