From 242ed444d3803c8e2b35bec07ac1b448caddb541 Mon Sep 17 00:00:00 2001 From: Lee Cewd Date: Sun, 8 Sep 2013 20:49:42 +0800 Subject: [PATCH] Fix memory leak in response handler A temporarily allocated buffer which is used to pass data from libraw1394's event loop to the Address Range Mapping callback was never freed. This was pointed out by the following valgrind trace: 3067120 (3066560 direct, 560 indirect) bytes in 10952 blocks are definitely lost in loss record 36 of 36 at 0x4029F6F : malloc () by 0x405B1B5 : ??? (in usr/lib/libraw1394.so.11.0.1) by 0x405B492 : ??? (in usr/lib/libraw1394.so.11.0.1) by 0x405BF24 : fw_loop_iterate (in usr/lib/libraw1394.so.11.0.1) by 0x405C197 : ??? (in usr/lib/libraw1394.so.11.0.1) by 0x405D6F8 : fw_write (in usr/lib/libraw1394.so.11.0.1) by 0x405A292 : raw1394_write (in usr/lib/libraw1394.so.11.0.1) by 0x805A0F2 : main (main.cpp:121) Signed-off-by: Stefan Richter --- src/fw.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/fw.c b/src/fw.c index 7d64250..7e9bd52 100644 --- a/src/fw.c +++ b/src/fw.c @@ -793,7 +793,7 @@ handle_arm_request(raw1394handle_t handle, struct address_closure *ac, struct fw_cdev_send_response response; arm_options_t type; size_t in_length; - int pos; + int pos, retval; pos = offset - allocation->offset; response.handle = kernel_handle; @@ -898,8 +898,10 @@ handle_arm_request(raw1394handle_t handle, struct address_closure *ac, rrb->response.buffer = rrb->data + in_length; memcpy(rrb->response.buffer, allocation->data + pos, response.length); - return fwhandle->arm_tag_handler(handle, allocation->tag, type, - length, &rrb->request_response); + retval = fwhandle->arm_tag_handler(handle, allocation->tag, type, + length, &rrb->request_response); + free(rrb); + return retval; } int