From: Wenwen Wang Date: Sat, 27 Apr 2019 06:06:46 +0000 (-0500) Subject: ALSA: usb-audio: Fix a memory leak bug X-Git-Tag: v3.16.74~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22131d100411351f5dd1b3457ef12d7f2539188d;p=thirdparty%2Fkernel%2Fstable.git ALSA: usb-audio: Fix a memory leak bug commit cb5173594d50c72b7bfa14113dfc5084b4d2f726 upstream. In parse_audio_selector_unit(), the string array 'namelist' is allocated through kmalloc_array(), and each string pointer in this array, i.e., 'namelist[]', is allocated through kmalloc() in the following for loop. Then, a control instance 'kctl' is created by invoking snd_ctl_new1(). If an error occurs during the creation process, the string array 'namelist', including all string pointers in the array 'namelist[]', should be freed, before the error code ENOMEM is returned. However, the current code does not free 'namelist[]', resulting in memory leaks. To fix the above issue, free all string pointers 'namelist[]' in a loop. Signed-off-by: Wenwen Wang Signed-off-by: Takashi Iwai Signed-off-by: Ben Hutchings --- diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c index e08a859ee9978..b5d95e2c2ed5b 100644 --- a/sound/usb/mixer.c +++ b/sound/usb/mixer.c @@ -2090,6 +2090,8 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid, kctl = snd_ctl_new1(&mixer_selectunit_ctl, cval); if (! kctl) { usb_audio_err(state->chip, "cannot malloc kcontrol\n"); + for (i = 0; i < desc->bNrInPins; i++) + kfree(namelist[i]); kfree(namelist); kfree(cval); return -ENOMEM;