wifi: rtw89: debug: Fix memory leak in __print_txpwr_map()
authorZilin Guan <zilin@seu.edu.cn>
Fri, 16 Jan 2026 13:08:34 +0000 (13:08 +0000)
committerPing-Ke Shih <pkshih@realtek.com>
Thu, 22 Jan 2026 01:58:37 +0000 (09:58 +0800)
In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
without freeing bufp, leading to a memory leak.

Since the validation of max_valid_addr does not depend on the allocated
memory, fix this by moving the vzalloc() call after the check.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
Suggested-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Reviewed-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260116130834.1413924-1-zilin@seu.edu.cn
drivers/net/wireless/realtek/rtw89/debug.c

index 2b48ccea27fb27e656e6484cd6ea173c4347becf..969b9c7e35a3c427d286040c191cfe0f195b222f 100644 (file)
@@ -826,10 +826,6 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char *buf, size_t buf
        s8 *bufp, tmp;
        int ret;
 
-       bufp = vzalloc(map->addr_to - map->addr_from + 4);
-       if (!bufp)
-               return -ENOMEM;
-
        if (path_num == 1)
                max_valid_addr = map->addr_to_1ss;
        else
@@ -838,6 +834,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char *buf, size_t buf
        if (max_valid_addr == 0)
                return -EOPNOTSUPP;
 
+       bufp = vzalloc(map->addr_to - map->addr_from + 4);
+       if (!bufp)
+               return -ENOMEM;
+
        for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
                ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
                if (ret)
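Review bot: The relocated `vzalloc()` sizes the buffer from `map->addr_to`, but the loop directly below it is bounded by `max_valid_addr`, and nothing visible in this hunk ties the two together. If the loop body (which continues outside the hunk) stores into `bufp` at an offset derived from `addr - map->addr_from`, a map entry whose `addr_to_1ss` or other selected bound exceeds `addr_to` would write past the allocation. Since the zero check already sits right above, it could be widened to `if (max_valid_addr == 0 || max_valid_addr > map->addr_to) return -EOPNOTSUPP;`. Failing that, a comment such as `/* bufp covers addr_from..addr_to; max_valid_addr never exceeds addr_to */` would record the invariant. Because the allocation now follows the early return, it is also worth confirming that every later exit in the function, including the `if (ret)` path whose body is cut off here, still reaches the `vfree()`.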