tipc: Fix memory leak in tipc_group_create_member() (d82e08de) · Commits · e / devices / android_kernel_fairphone_FP4

net/tipc/group.c

+10 −4

Original line number	Diff line number	Diff line
		@@ -273,7 +273,7 @@ static struct tipc_member tipc_group_find_node(struct tipc_group grp,
		return NULL;
		}

		static void tipc_group_add_to_tree(struct tipc_group *grp,
		static int tipc_group_add_to_tree(struct tipc_group *grp,
		struct tipc_member *m)
		{
		u64 nkey, key = (u64)m->node << 32 \| m->port;
		@@ -291,10 +291,11 @@ static void tipc_group_add_to_tree(struct tipc_group *grp,
		else if (key > nkey)
		n = &(*n)->rb_right;
		else
		return;
		return -EEXIST;
		}
		rb_link_node(&m->tree_node, parent, n);
		rb_insert_color(&m->tree_node, &grp->members);
		return 0;
		}

		static struct tipc_member tipc_group_create_member(struct tipc_group grp,
		@@ -302,6 +303,7 @@ static struct tipc_member tipc_group_create_member(struct tipc_group grp,
		u32 instance, int state)
		{
		struct tipc_member *m;
		int ret;

		m = kzalloc(sizeof(*m), GFP_ATOMIC);
		if (!m)
		@@ -314,8 +316,12 @@ static struct tipc_member tipc_group_create_member(struct tipc_group grp,
		m->port = port;
		m->instance = instance;
		m->bc_acked = grp->bc_snd_nxt - 1;
		ret = tipc_group_add_to_tree(grp, m);
		if (ret < 0) {
		kfree(m);
		return NULL;
		}
		grp->member_cnt++;
		tipc_group_add_to_tree(grp, m);
		tipc_nlist_add(&grp->dests, m->node);
		m->state = state;
		return m;