staging: csr: fix possible memory leak in do_patch_convert_download()

pfw has been allocated in function xbv_to_patch() and should be freed before leaving from the error handling cases. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-09-03 18:15:26 +08:00 · 2012-09-03 18:15:26 +08:00 · c8be681fad
--- a/drivers/staging/csr/csr_wifi_hip_download.c
+++ b/drivers/staging/csr/csr_wifi_hip_download.c
@ -250,6 +250,7 @@ static CsrResult do_patch_convert_download(card_t *card, void *dlpriv, xbv1_t *p
        if (r != CSR_RESULT_SUCCESS)
        {
            unifi_error(card->ospriv, "Failed to find BOOT_LOADER_CONTROL\n");
+            kfree(pfw);
            return CSR_RESULT_FAILURE;
        }

@ -265,6 +266,7 @@ static CsrResult do_patch_convert_download(card_t *card, void *dlpriv, xbv1_t *p
        desc = unifi_fw_open_buffer(card->ospriv, pfw, psize);
        if (!desc)
        {
+            kfree(pfw);
            return CSR_WIFI_HIP_RESULT_NO_MEMORY;
        }