From: Oliver Neukum <oliver@neukum.org>
Date: Sat, 26 Jul 2008 20:42:42 +0000 (+0200)
Subject: fix for a memory leak in an error case introduced by fix for double free
X-Git-Tag: v2.6.27-rc1~68
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=852fef69c0d9510a28a70221cfddd004efa02552;p=linux-2.6

fix for a memory leak in an error case introduced by fix for double free

The fix NULLed a pointer without freeing it.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Juha Motorsportcom <juha_motorsportcom@luukku.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
index 832a5a4f3c..cd9a2e138c 100644
--- a/drivers/usb/serial/ipaq.c
+++ b/drivers/usb/serial/ipaq.c
@@ -651,15 +651,17 @@ static int ipaq_open(struct tty_struct *tty,
 	 */
 
 	kfree(port->bulk_in_buffer);
+	kfree(port->bulk_out_buffer);
+	/* make sure the generic serial code knows */
+	port->bulk_out_buffer = NULL;
+
 	port->bulk_in_buffer = kmalloc(URBDATA_SIZE, GFP_KERNEL);
-	if (port->bulk_in_buffer == NULL) {
-		port->bulk_out_buffer = NULL; /* prevent double free */
+	if (port->bulk_in_buffer == NULL)
 		goto enomem;
-	}
 
-	kfree(port->bulk_out_buffer);
 	port->bulk_out_buffer = kmalloc(URBDATA_SIZE, GFP_KERNEL);
 	if (port->bulk_out_buffer == NULL) {
+		/* the buffer is useless, free it */
 		kfree(port->bulk_in_buffer);
 		port->bulk_in_buffer = NULL;
 		goto enomem;