From f1cba532e8c1001a39650379aa7e04ad974d0592 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Thu, 22 Jul 2010 23:38:45 -0700
Subject: [PATCH] Input: adxl34x - fix leak and use after free

These are a couple smatch issues. In the original code, if only one of the allocation fails we leak the other variable so we should goto out_free_mem. Also there was a use after free if debugging was enabled and so I moved the kfree() down a line.

Signed-off-by: Dan Carpenter
Signed-off-by: Dmitry Torokhov
---
 drivers/input/misc/adxl34x.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/input/misc/adxl34x.c b/drivers/input/misc/adxl34x.c
index bb9c10f..e2ca017 100644
--- a/drivers/input/misc/adxl34x.c
+++ b/drivers/input/misc/adxl34x.c
@@ -432,11 +432,10 @@ void adxl34x_resume(struct adxl34x *ac)
 if (ac->suspended && !ac->disabled && ac->opened)
 __adxl34x_enable(ac);
- ac->suspended= false;
+ ac->suspended = false;
 mutex_unlock(&ac->mutex);
 }
-
 EXPORT_SYMBOL_GPL(adxl34x_resume);
 static ssize_t adxl34x_disable_show(struct device *dev,
@@ -709,7 +708,7 @@ struct adxl34x *adxl34x_probe(struct device *dev, int irq,
 input_dev = input_allocate_device();
 if (!ac || !input_dev) {
 err = -ENOMEM;
- goto err_out;
+ goto err_free_mem;
 }
 ac->fifo_delay = fifo_delay_default;
@@ -904,9 +903,9 @@ int adxl34x_remove(struct adxl34x *ac)
 sysfs_remove_group(&ac->dev->kobj, &adxl34x_attr_group);
 free_irq(ac->irq, ac);
 input_unregister_device(ac->input);
+ dev_dbg(ac->dev, "unregistered accelerometer\n");
 kfree(ac);
- dev_dbg(ac->dev, "unregistered accelerometer\n");
 return 0;
 }
 EXPORT_SYMBOL_GPL(adxl34x_remove);
-- 
2.7.4
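Review bot: In adxl34x_probe, `goto err_free_mem` is now taken while one of `ac` and `input_dev` may still be NULL, so the fix is only correct if every release call under that label accepts a NULL pointer. The label and the allocation of `ac` sit outside the hunk; `kfree()` and `input_free_device()` both tolerate NULL, so this presumably holds, but nothing at the jump site says so. I would add a comment above the goto, `/* one of ac/input_dev may be NULL here; the err_free_mem cleanup must accept NULL */`, so a later change to the cleanup path does not turn the leak fix into a NULL dereference. The commit message calls the label out_free_mem while the code uses err_free_mem.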
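Review bot: In adxl34x_remove, the only thing keeping `dev_dbg()` from reading freed memory is its position relative to `kfree(ac)`, and the function carries no comment saying that `ac` is dead after that call. Per the commit message the old order only misbehaved with debugging enabled, so ordinary testing would not have exercised it and a later reordering could bring it back unnoticed. I would put `/* last use of ac: nothing below may dereference it */` directly above `kfree(ac);`. The start of the function is outside the hunk.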