From: Markus Elfring <[email protected]> Date: Wed, 11 Jan 2017 17:27:53 +0100
The kfree() function was called in one case by the cfi_intelext_setup() function during error handling even if the passed data structure member contained a null pointer. * Adjust a jump target according to the Linux coding style convention so that memory will be also released for members of a data structure before the container "mtd" in the error handling case. * Delete a check which became unnecessary with this refactoring. Signed-off-by: Markus Elfring <[email protected]> --- drivers/mtd/chips/cfi_cmdset_0001.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c index d7d3d398e4d4..7f6ed7293e40 100644 --- a/drivers/mtd/chips/cfi_cmdset_0001.c +++ b/drivers/mtd/chips/cfi_cmdset_0001.c @@ -601,7 +601,7 @@ static struct mtd_info *cfi_intelext_setup(struct mtd_info *mtd) sizeof(*mtd->eraseregions), GFP_KERNEL); if (!mtd->eraseregions) - goto setup_err; + goto free_priv; for (i = 0; i < cfi->cfiq->NumEraseRegions; i++) { unsigned long ernum, ersize; @@ -657,16 +657,14 @@ static struct mtd_info *cfi_intelext_setup(struct mtd_info *mtd) return mtd; setup_err: - if (mtd->eraseregions) - for (i = 0; i < cfi->cfiq->NumEraseRegions; i++) - for (j = 0; j < cfi->numchips; j++) - kfree(mtd->eraseregions[j - * cfi->cfiq - ->NumEraseRegions - + i].lockmap); + for (i = 0; i < cfi->cfiq->NumEraseRegions; i++) + for (j = 0; j < cfi->numchips; j++) + kfree(mtd->eraseregions[j * cfi->cfiq->NumEraseRegions + + i].lockmap); kfree(mtd->eraseregions); - kfree(mtd); +free_priv: kfree(cfi->cmdset_priv); + kfree(mtd); return NULL; } -- 2.11.0
