ChangeSet 1.1094.6.12, 2003/03/14 12:05:46-08:00, green@linuxhacker.ru

[PATCH] USB: memleak in Edgeport USB Serial Converter driver


 drivers/usb/serial/io_ti.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)


diff -Nru a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
--- a/drivers/usb/serial/io_ti.c	Mon Mar 17 11:46:08 2003
+++ b/drivers/usb/serial/io_ti.c	Mon Mar 17 11:46:08 2003
@@ -468,7 +468,7 @@
 {
 	int status;
 	struct out_endpoint_desc_block *oedb;
-	__u8 lsr;
+	__u8 *lsr;
 	int bytes_left = 0;
 
 	oedb = kmalloc (sizeof (* oedb), GFP_KERNEL);
@@ -477,6 +477,13 @@
 		return -ENOMEM;
 	}
 
+	lsr = kmalloc (1, GFP_KERNEL);	/* Sigh, that's right, just one byte,
+					   as not all platforms can do DMA
+					   from stack */
+	if (!lsr) {
+		kfree(oedb);
+		return -ENOMEM;
+	}
 	/* Read the DMA Count Registers */
 	status = TIReadRam (port->port->serial->dev,
 			    port->dma_address,
@@ -492,7 +499,7 @@
 	status = TIReadRam (port->port->serial->dev, 
 			    port->uart_base + UMPMEM_OFFS_UART_LSR,
 			    1,
-			    &lsr);
+			    lsr);
 
 	if (status)
 		goto exit_is_tx_active;
@@ -508,6 +515,9 @@
 	/* We return Not Active if we get any kind of error */
 exit_is_tx_active:
 	dbg ("%s - return %d", __FUNCTION__, bytes_left );
+
+	kfree(lsr);
+	kfree(oedb);
 	return bytes_left;
 }