From bf0be0e951cf1c4c9ce38032195cd8095a16d828 Mon Sep 17 00:00:00 2001
From: Jesper Juhl <jj@chaosbits.net>
Date: Mon, 30 May 2011 12:49:01 +0200
Subject: ALSA: 6fire: Don't leak firmware in error path

One of the error paths in
sound/usb/6fire/firmware.c::usb6fire_fw_ezusb_upload() neglects to free
the memory allocated for the firmware before returning, thus leaking the
memory.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/usb/6fire/firmware.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sound/usb/6fire/firmware.c')

diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c
index d47beffedb0f..a91719d5918b 100644
--- a/sound/usb/6fire/firmware.c
+++ b/sound/usb/6fire/firmware.c
@@ -227,6 +227,7 @@ static int usb6fire_fw_ezusb_upload(
 	ret = usb6fire_fw_ihex_init(fw, rec);
 	if (ret < 0) {
 		kfree(rec);
+		release_firmware(fw);
 		snd_printk(KERN_ERR PREFIX "error validating ezusb "
 				"firmware %s.\n", fwname);
 		return ret;
-- 
cgit v1.2.3


From 37f7ec38ea5c31180461f82e895e13fdd549b595 Mon Sep 17 00:00:00 2001
From: Jesper Juhl <jj@chaosbits.net>
Date: Mon, 13 Jun 2011 23:52:02 +0200
Subject: ALSA: 6fire: Fix double-free bug in usb6fire_fw_ezusb_upload()

We have a double-free bug in
sound/usb/6fire/firmware.c::usb6fire_fw_ezusb_upload().
We already call release_firmware(fw) on line 258, so when we then do it
again after usb6fire_fw_ezusb_write() returns <0, we have a double-free.
Easily fixed by just removing the last call to release_firmware().

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 sound/usb/6fire/firmware.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'sound/usb/6fire/firmware.c')

diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c
index a91719d5918b..1e3ae3327dd3 100644
--- a/sound/usb/6fire/firmware.c
+++ b/sound/usb/6fire/firmware.c
@@ -270,7 +270,6 @@ static int usb6fire_fw_ezusb_upload(
 	data = 0x00; /* resume ezusb cpu */
 	ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1);
 	if (ret < 0) {
-		release_firmware(fw);
 		snd_printk(KERN_ERR PREFIX "unable to upload ezusb "
 				"firmware %s: end message.\n", fwname);
 		return ret;
-- 
cgit v1.2.3