3 Jan
2010
3 Jan
'10
2 a.m.
There appears to be a path through mmc_read in drivers/mmc/mmc.c where malloc'd memory is not freed before exiting mmc_read, although this may be a hypothetical situation. It occurs if mmc_set_blocklen() returns a non-zero value.
The following patch appears to resolve the issue:
--- o/drivers/mmc/mmc.c 2010-01-03 00:44:41.000000000 +0000 +++ drivers/mmc/mmc.c 2010-01-03 00:46:14.000000000 +0000 @@ -172,7 +172,7 @@ int mmc_read(struct mmc *mmc, u64 src, u err = mmc_set_blocklen(mmc, mmc->read_bl_len);
if (err) - return err; + goto free_buffer;
for (i = startblock; i <= endblock; i++) { int segment_size;
Regards, Quentin Armitage