ChangeSet 1.1006.11.10, 2003/03/14 12:10:15-08:00, green@linuxhacker.ru

[PATCH] USB: memleak in Edgeport USB Serial Converter driver


 drivers/usb/serial/io_ti.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)


diff -Nru a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
--- a/drivers/usb/serial/io_ti.c	Thu Mar 27 16:02:15 2003
+++ b/drivers/usb/serial/io_ti.c	Thu Mar 27 16:02:15 2003
@@ -460,7 +460,7 @@
 {
 	int status;
 	struct out_endpoint_desc_block *oedb;
-	__u8 lsr;
+	__u8 *lsr;
 	int bytes_left = 0;
 
 	oedb = kmalloc (sizeof (* oedb), GFP_KERNEL);
@@ -469,6 +469,13 @@
 		return -ENOMEM;
 	}
 
+	lsr = kmalloc (1, GFP_KERNEL);	/* Sigh, that's right, just one byte,
+					   as not all platforms can do DMA
+					   from stack */
+	if (!lsr) {
+		kfree(oedb);
+		return -ENOMEM;
+	}
 	/* Read the DMA Count Registers */
 	status = TIReadRam (port->port->serial->dev,
 			    port->dma_address,
@@ -484,7 +491,7 @@
 	status = TIReadRam (port->port->serial->dev, 
 			    port->uart_base + UMPMEM_OFFS_UART_LSR,
 			    1,
-			    &lsr);
+			    lsr);
 
 	if (status)
 		goto exit_is_tx_active;
@@ -500,6 +507,9 @@
 	/* We return Not Active if we get any kind of error */
 exit_is_tx_active:
 	dbg ("%s - return %d", __FUNCTION__, bytes_left );
+
+	kfree(lsr);
+	kfree(oedb);
 	return bytes_left;
 }