From d98808a253f209465ed9f415c565f4c294a213b8 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Thu, 26 May 2011 16:25:59 -0700 Subject: drivers/char/ppdev.c: put gotten port value parport_find_number() calls parport_get_port() on its result, so there should be a corresponding call to parport_put_port() before dropping the reference. Similar code is found in the function register_device() in the same file. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @exists@ local idexpression struct parport * x; expression ra,rr; statement S1,S2; @@ x = parport_find_number(...) ... when != x = rr when any when != parport_put_port(x,...) when != if (...) { ... parport_put_port(x,...) ...} ( if(<+...x...+>) S1 else S2 | if(...) { ... when != x = ra when forall when != parport_put_port(x,...) *return...; } ) // Signed-off-by: Julia Lawall Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/ppdev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index f176dba..3fcf80f 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -457,6 +457,7 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg) return -ENODEV; modes = port->modes; + parport_put_port(port); if (copy_to_user (argp, &modes, sizeof (modes))) { return -EFAULT; } -- cgit v1.1