lkdtm: fix memory leak of val

This case is supposed to read from a page after after it is freed, but it missed freeing val if we are not able to get a free page. Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk> Signed-off-by: Kees Cook <keescook@chromium.org>
mariux64 · Apr 6, 2016 · 50fbd97 · 50fbd97
1 parent c4004b0
commit 50fbd97
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
@@ -498,12 +498,13 @@ static void lkdtm_do_action(enum ctype which)
 	}
 	case CT_READ_BUDDY_AFTER_FREE: {
 		unsigned long p = __get_free_page(GFP_KERNEL);
-		int saw, *val = kmalloc(1024, GFP_KERNEL);
+		int saw, *val;
 		int *base;
 
 		if (!p)
 			break;
 
+		val = kmalloc(1024, GFP_KERNEL);
 		if (!val)
 			break;