A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail.
Make sure to free the firmware buffer before returning on errors.
Fixes: 6fb81c405bfa ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable@vger.kernel.org # 4.19 Signed-off-by: Johan Hovold johan+linaro@kernel.org --- drivers/bluetooth/btqca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Luiz,
Sorry for not catching this before posting v2.
Feel to free to squash this fix into commit 6fb81c405bfa ("Bluetooth: qca: add missing firmware sanity checks") in the bluetooth-next branch if you prefer.
Note that the commit id in the Fixes tag above won't match if you cherry pick both commits to the fixes branch.
Johan
diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 125f140e012a..59e384fa1a0c 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -676,7 +676,7 @@ static int qca_download_firmware(struct hci_dev *hdev,
ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out;
segment = data; remain = size;