From 852fef69c0d9510a28a70221cfddd004efa02552 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oliver@neukum.org>
Date: Sat, 26 Jul 2008 22:42:42 +0200
Subject: fix for a memory leak in an error case introduced by fix for double
 free

The fix NULLed a pointer without freeing it.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Juha Motorsportcom <juha_motorsportcom@luukku.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 drivers/usb/serial/ipaq.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'drivers/usb/serial/ipaq.c')

diff --git a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
index 832a5a4..cd9a2e13 100644
--- a/drivers/usb/serial/ipaq.c
+++ b/drivers/usb/serial/ipaq.c
@@ -651,15 +651,17 @@ static int ipaq_open(struct tty_struct *tty,
 	 */
 
 	kfree(port->bulk_in_buffer);
+	kfree(port->bulk_out_buffer);
+	/* make sure the generic serial code knows */
+	port->bulk_out_buffer = NULL;
+
 	port->bulk_in_buffer = kmalloc(URBDATA_SIZE, GFP_KERNEL);
-	if (port->bulk_in_buffer == NULL) {
-		port->bulk_out_buffer = NULL; /* prevent double free */
+	if (port->bulk_in_buffer == NULL)
 		goto enomem;
-	}
 
-	kfree(port->bulk_out_buffer);
 	port->bulk_out_buffer = kmalloc(URBDATA_SIZE, GFP_KERNEL);
 	if (port->bulk_out_buffer == NULL) {
+		/* the buffer is useless, free it */
 		kfree(port->bulk_in_buffer);
 		port->bulk_in_buffer = NULL;
 		goto enomem;
-- 
cgit v1.1