staging: r8188eu: fix a potential memory leak in rtw_init_cmd_priv()

In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will not be properly
released. Besides, considering there are only two error paths and the
first one can directly return, we do not need to implicitly jump to the
`exit` tag to execute the error handling code.

So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error
path to release the resource and simplified the return logic of
rtw_init_cmd_priv(). As there is no proper device to test with, no
runtime testing was performed.

Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_1B6AAE10471D4556788892F8FF3E4812F306@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/r8188eu/core/rtw_cmd.c b/drivers/staging/r8188eu/core/rtw_cmd.c
index ca1f2cc524708b892b4d0f03b56fc41d5a5d23f5..04afeab0601f9b538bf57930e1b7e7171671c9b9 100644 (file)
--- a/drivers/staging/r8188eu/core/rtw_cmd.c
+++ b/drivers/staging/r8188eu/core/rtw_cmd.c
@@ -57,8 +57,6 @@ exit:
 
 u32    rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
 {
-       u32 res = _SUCCESS;
-
        init_completion(&pcmdpriv->enqueue_cmd);
        /* sema_init(&(pcmdpriv->cmd_done_sema), 0); */
        init_completion(&pcmdpriv->start_cmd_thread);
@@ -73,27 +71,24 @@ u32 rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
        pcmdpriv->cmd_allocated_buf = kzalloc(MAX_CMDSZ + CMDBUFF_ALIGN_SZ,
                                              GFP_KERNEL);
 
-       if (!pcmdpriv->cmd_allocated_buf) {
-               res = _FAIL;
-               goto exit;
-       }
+       if (!pcmdpriv->cmd_allocated_buf)
+               return _FAIL;
 
        pcmdpriv->cmd_buf = pcmdpriv->cmd_allocated_buf  +  CMDBUFF_ALIGN_SZ - ((size_t)(pcmdpriv->cmd_allocated_buf) & (CMDBUFF_ALIGN_SZ - 1));
 
        pcmdpriv->rsp_allocated_buf = kzalloc(MAX_RSPSZ + 4, GFP_KERNEL);
 
        if (!pcmdpriv->rsp_allocated_buf) {
-               res = _FAIL;
-               goto exit;
+               kfree(pcmdpriv->cmd_allocated_buf);
+               return _FAIL;
        }
 
        pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf  +  4 - ((size_t)(pcmdpriv->rsp_allocated_buf) & 3);
 
        pcmdpriv->cmd_done_cnt = 0;
        pcmdpriv->rsp_cnt = 0;
-exit:
 
-       return res;
+       return _SUCCESS;
 }
 
 u32 rtw_init_evt_priv(struct evt_priv *pevtpriv)