On Wed, Nov 18, 2015 at 01:43:30PM +0100, Christian Gromm wrote:
> This patch fixes a potential MBO leak in case function aim_read()
> exits right after the MBO has been fetched from kfifo and before
> it has been saved to the variable stacked_mbo.
>
> Signed-off-by: Christian Gromm <[email protected]>
> ---
> drivers/staging/most/aim-cdev/cdev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/most/aim-cdev/cdev.c
> b/drivers/staging/most/aim-cdev/cdev.c
> index 6ee4eb2..86194ce 100644
> --- a/drivers/staging/most/aim-cdev/cdev.c
> +++ b/drivers/staging/most/aim-cdev/cdev.c
> @@ -237,6 +237,7 @@ aim_read(struct file *filp, char __user *buf, size_t
> count, loff_t *offset)
> (!channel->dev))))
> return -ERESTARTSYS;
> }
> + channel->stacked_mbo = mbo;
You can also come out of the while loop when channel->dev is NULL.
Maybe this should have been:
if (channel->dev)
channel->stacked_mbo = mbo;
regards
sudip
_______________________________________________
devel mailing list
[email protected]
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
