NetBSD-Bugs archive


kern/41602: [usb][ohci]In function open_pipe(), may cause memory leak.



>Number:         41602
>Category:       kern
>Synopsis:       [usb][ohci]In function open_pipe(), may cause memory leak.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 16 14:00:01 +0000 2009
>Originator:     zhenhua,lin
>Release:        no
>Organization:
h3c
>Environment:
In a private system, with the USB stack implemented in NetBSD.
>Description:
In function open_pipe(), the following two cases in the switch statement 
"switch (xfertype)" may cause a memory leak:
>>>>>>>>>>>>>>>>>>>>>>>>>>>
                case UE_INTERRUPT:
                        pipe->methods = &ohci_device_intr_methods;
                        ival = pipe->interval;
                        if (ival == USBD_DEFAULT_INTERVAL)
                                ival = ed->bInterval;
                        return (ohci_device_setintr(sc, opipe, ival));
                case UE_ISOCHRONOUS:
                        pipe->methods = &ohci_device_isoc_methods;
                        return (ohci_setup_isoc(pipe));
<<<<<<<<<<<<<<<<<<<<<<<<<<<<

If the functions ohci_device_setintr() and ohci_setup_isoc() return 
!USBD_NORMAL_COMPLETION, then the memory used by "std, 
sed" will not be freed.
>How-To-Repeat:
review it.
>Fix:
Just a demo, not verified yet.
===========================
                case UE_INTERRUPT:
                        pipe->methods = &ohci_device_intr_methods;
                        ival = pipe->interval;
                        if (ival == USBD_DEFAULT_INTERVAL)
                                ival = ed->bInterval;
                        return (ohci_device_setintr(sc, opipe, ival));
                case UE_ISOCHRONOUS:
                        pipe->methods = &ohci_device_isoc_methods;
                        return (ohci_setup_isoc(pipe));
                case UE_BULK:



----->

                case UE_INTERRUPT:
                        pipe->methods = &ohci_device_intr_methods;
                        ival = pipe->interval;
                        if (ival == USBD_DEFAULT_INTERVAL)
                                ival = ed->bInterval;
-                       return (ohci_device_setintr(sc, opipe, ival));
+                       err = ohci_device_setintr(sc, opipe, ival);
+                       if (err)
+                          goto bad;
+                       break;
                case UE_ISOCHRONOUS:
                        pipe->methods = &ohci_device_isoc_methods;
-                       return (ohci_setup_isoc(pipe));
+                       err = ohci_setup_isoc(pipe);
+                       if (err)
+                          goto bad;
+                       break;
                case UE_BULK:
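
Review bot: In both the UE_INTERRUPT and UE_ISOCHRONOUS cases, the new `goto bad;` no longer guarantees that the callee's status reaches the caller. The removed lines returned the result of ohci_device_setintr() and ohci_setup_isoc() directly, while the replacement stores it in `err` and jumps to a label that is not shown in this hunk. Please confirm that `bad` returns `err` rather than a fixed code, that it frees both std and sed, and that `err` is declared in this scope. The added `break;` also sends the success path to whatever follows the switch, which interrupt and isochronous pipes never reached before, so that code needs checking for these two transfer types. Style: the two `goto bad;` lines are indented with three spaces under the `if` and do not match the surrounding statements.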



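A small user-space model of the pattern reported above, added here as an example; it is not NetBSD code and not the submitter's patch. All names (`open_model`, `desc_alloc`, `desc_free`, `setup_status`, the `ST_*` and `XF_*` constants) are hypothetical stand-ins, and a counter tracks how many descriptors remain allocated after an open whose setup step fails.

```c
#include <stdlib.h>

/* Constructed model; none of these names are NetBSD's. */
enum { ST_OK = 0, ST_NOMEM, ST_IOERROR };
enum { XF_CONTROL, XF_ISOC, XF_BULK, XF_INTR };
struct pipe_model { void *sed, *std; };
static int live_descs;           /* descriptors allocated and not yet freed */
static int setup_status = ST_OK; /* status the stand-in setup step returns */

static void *desc_alloc(void) { void *p = malloc(32); if (p) live_descs++; return p; }
static void desc_free(void *p) { if (p) { free(p); live_descs--; } }

/* fixed == 0: early return on failure; fixed != 0: leave through cleanup. */
static int open_model(struct pipe_model *p, int xfertype, int fixed)
{
    void *sed = NULL, *std = NULL;
    int err = ST_NOMEM;
    if ((sed = desc_alloc()) == NULL || (std = desc_alloc()) == NULL)
        goto bad;
    switch (xfertype) {
    case XF_INTR:
    case XF_ISOC:
        err = setup_status;      /* stands in for the per-type setup call */
        if (err != ST_OK && !fixed)
            return err;          /* sed and std stay allocated: the leak */
        if (err != ST_OK)
            goto bad;
        break;
    }
    p->sed = sed; p->std = std;  /* success: the pipe now owns both */
    return ST_OK;
bad:
    desc_free(std);              /* desc_free(NULL) is a no-op */
    desc_free(sed);
    return err;                  /* callee's status still reaches the caller */
}

/* Descriptors left allocated by one open whose setup step fails. */
static int leaked_after_failed_open(int xfertype, int fixed)
{
    struct pipe_model p = { NULL, NULL };
    int before = live_descs;
    setup_status = ST_IOERROR;
    (void)open_model(&p, xfertype, fixed);
    setup_status = ST_OK;
    return live_descs - before;
}
```

In this model each failed open on the early-return path leaves two descriptors behind, so the loss grows with every failed attempt to open an interrupt or isochronous pipe.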