Staging: dream: introduce missing kfree

Author: Julia Lawall <julia@diku.dk>

Error handling code following a kmalloc or kzalloc should free the
allocated data.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// 
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@

x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...x...+> }
(
x->f1 = E
|
 (x->f1 == NULL || ...)
|
 f(...,x->f1,...)
)
...>
(
 return \(0\|<+...x...+>\|ptr\);
|
 return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// 

Signed-off-by: Julia Lawall

---
 drivers/staging/dream/camera/msm_v4l2.c       |  8 ++++++--
 drivers/staging/dream/camera/msm_vfe8x_proc.c | 16 ++++++++++++----
 2 files changed, 18 insertions(+), 6 deletions(-)
 
diff --git a/drivers/staging/dream/camera/msm_v4l2.c b/drivers/staging/dream/camera/msm_v4l2.c
index 46a6eb1..6a7d46c 100644
--- a/drivers/staging/dream/camera/msm_v4l2.c
+++ b/drivers/staging/dream/camera/msm_v4l2.c
@@ -521,13 +521,17 @@ static int msm_v4l2_s_fmt_cap(struct file *f,
   ctrlcmd->value      = pfmt;
   ctrlcmd->timeout_ms = 10000;
 
-	if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE)
+	if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) {
+		kfree(ctrlcmd);
 		return -1;
+	}
 
 #if 0
 	/* FIXEME */
-	if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420)
+	if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420) {
+		kfree(ctrlcmd);
 		return -EINVAL;
+	}
 #endif
 
 	/* Ok, but check other params, too. */
diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c
index 5436f71..10aef0e 100644
--- a/drivers/staging/dream/camera/msm_vfe8x_proc.c
+++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c
@@ -967,8 +967,10 @@ vfe_send_af_stats_msg(uint32_t afBufAddress)
 	/* fill message with right content. */
 	/* @todo This is causing issues, need further investigate */
 	/* spin_lock_irqsave(&ctrl->state_lock, flags); */
-	if (ctrl->vstate != VFE_STATE_ACTIVE)
+	if (ctrl->vstate != VFE_STATE_ACTIVE) {
+		kfree(msg);
 		goto af_stats_done;
+	}
 
 	msg->_d = VFE_MSG_ID_STATS_AUTOFOCUS;
 	msg->_u.msgStatsAf.afBuffer = afBufAddress;
@@ -1053,8 +1055,10 @@ static void vfe_send_awb_stats_msg(uint32_t awbBufAddress)
 	/* fill message with right content. */
 	/* @todo This is causing issues, need further investigate */
 	/* spin_lock_irqsave(&ctrl->state_lock, flags); */
-	if (ctrl->vstate != VFE_STATE_ACTIVE)
+	if (ctrl->vstate != VFE_STATE_ACTIVE) {
+		kfree(msg);
 		goto awb_stats_done;
+	}
 
 	msg->_d = VFE_MSG_ID_STATS_WB_EXP;
 	msg->_u.msgStatsWbExp.awbBuffer = awbBufAddress;
@@ -1483,8 +1487,10 @@ static void vfe_send_output2_msg(
 	/* fill message with right content. */
 	/* @todo This is causing issues, need further investigate */
 	/* spin_lock_irqsave(&ctrl->state_lock, flags); */
-	if (ctrl->vstate != VFE_STATE_ACTIVE)
+	if (ctrl->vstate != VFE_STATE_ACTIVE) {
+		kfree(msg);
 		goto output2_msg_done;
+	}
 
 	msg->_d = VFE_MSG_ID_OUTPUT2;
 
@@ -1518,8 +1524,10 @@ static void vfe_send_output1_msg(
 
 	/* @todo This is causing issues, need further investigate */
 	/* spin_lock_irqsave(&ctrl->state_lock, flags); */
-	if (ctrl->vstate != VFE_STATE_ACTIVE)
+	if (ctrl->vstate != VFE_STATE_ACTIVE) {
+		kfree(msg);
 		goto output1_msg_done;
+	}
 
 	msg->_d = VFE_MSG_ID_OUTPUT1;
 	memmove(&(msg->_u),

--- drivers/staging/dream/camera/msm_v4l2.c | 8 ++++++-- drivers/staging/dream/camera/msm_vfe8x_proc.c | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/staging/dream/camera/msm_v4l2.c b/drivers/staging/dream/camera/msm_v4l2.c index 46a6eb1..6a7d46c 100644 --- a/drivers/staging/dream/camera/msm_v4l2.c +++ b/drivers/staging/dream/camera/msm_v4l2.c @@ -521,13 +521,17 @@ static int msm_v4l2_s_fmt_cap(struct file *f, ctrlcmd->value = pfmt; ctrlcmd->timeout_ms = 10000; - if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) + if (pfmt->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) { + kfree(ctrlcmd); return -1; + } #if 0 /* FIXEME */ - if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420) + if (pfmt->fmt.pix.pixelformat != V4L2_PIX_FMT_YVU420) { + kfree(ctrlcmd); return -EINVAL; + } #endif /* Ok, but check other params, too. */ diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c index 5436f71..10aef0e 100644 --- a/drivers/staging/dream/camera/msm_vfe8x_proc.c +++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c @@ -967,8 +967,10 @@ vfe_send_af_stats_msg(uint32_t afBufAddress) /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto af_stats_done; + } msg->_d = VFE_MSG_ID_STATS_AUTOFOCUS; msg->_u.msgStatsAf.afBuffer = afBufAddress; @@ -1053,8 +1055,10 @@ static void vfe_send_awb_stats_msg(uint32_t awbBufAddress) /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto awb_stats_done; + } msg->_d = VFE_MSG_ID_STATS_WB_EXP; msg->_u.msgStatsWbExp.awbBuffer = awbBufAddress; @@ -1483,8 +1487,10 @@ static void vfe_send_output2_msg( /* fill message with right content. */ /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto output2_msg_done; + } msg->_d = VFE_MSG_ID_OUTPUT2; @@ -1518,8 +1524,10 @@ static void vfe_send_output1_msg( /* @todo This is causing issues, need further investigate */ /* spin_lock_irqsave(&ctrl->state_lock, flags); */ - if (ctrl->vstate != VFE_STATE_ACTIVE) + if (ctrl->vstate != VFE_STATE_ACTIVE) { + kfree(msg); goto output1_msg_done; + } msg->_d = VFE_MSG_ID_OUTPUT1; memmove(&(msg->_u),

Staging: dream: introduce missing kfree

qlambert

Archives

Posts by Subject