[Spice-devel] [usbredir v1] usbredirhost: fix leak on error
Victor Toso
lists at victortoso.com
Thu Aug 4 11:38:04 UTC 2016
Hi,
On Thu, Aug 04, 2016 at 08:37:02AM +0200, Pavel Grunt wrote:
> Hey
>
> On Wed, 2016-08-03 at 18:11 +0200, Victor Toso wrote:
> > Pointed by coverity:
> > 17. usbredir-0.7.1/usbredirhost/usbredirhost.c:2306: leaked_storage:
> > Returning without freeing "data" leaks the storage that it points to.
> > # 2304|
> > # usbredirhost_bulk_packet_complete(transfer->transfer);
> > # 2305| }
> > # 2306|-> }
> > # 2307|
> > # 2308| static void usbredirhost_iso_packet(void *priv, uint64_t
> > # id,
> > ---
> > usbredirhost/usbredirhost.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/usbredirhost/usbredirhost.c b/usbredirhost/usbredirhost.c
> > index 3e80677..2b3ee74 100644
> > --- a/usbredirhost/usbredirhost.c
> > +++ b/usbredirhost/usbredirhost.c
> > @@ -2280,6 +2280,7 @@ static void usbredirhost_bulk_packet(void *priv,
> > uint64_t id,
> > transfer, BULK_TIMEOUT);
> > #else
> > r = LIBUSB_ERROR_INVALID_PARAM;
> > + free(buffer);
> buffer is not declared in that function
But the malloc is ours [0] and we free it in situation of error when
usbredirhost_alloc_transfer() fails.
[0] https://cgit.freedesktop.org/spice/usbredir/tree/usbredirhost/usbredirhost.c#n2256
Not sure about the code design but it seems we should free the data if
we don't pass this buffer to libusb_fill_bulk_transfer()
Cheers,
toso
>
> Pavel
> > goto error;
> > #endif
> > } else {
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list