From b95402bc722d5d834eb77078ee0d7e0c693b5d82 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Fri, 8 May 2020 09:02:03 +0200 Subject: [PATCH] upekts: Fix memory leak and remove unneeded copy __handle_incoming_msg would copy the payload of the message into a newly created buffer just to destroy it again immediately after calling the callback. Just reference the correct address inside the original package instead. Also, in one case the extra buffer was leaked afterwards. --- libfprint/drivers/upekts.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/libfprint/drivers/upekts.c b/libfprint/drivers/upekts.c index e6fac76..398a442 100644 --- a/libfprint/drivers/upekts.c +++ b/libfprint/drivers/upekts.c @@ -238,7 +238,6 @@ __handle_incoming_msg (FpDevice *device, guint16 len; guint16 computed_crc; guint16 msg_crc; - unsigned char *retdata = NULL; unsigned char code_a, code_b; g_assert (udata->buflen >= 6); @@ -273,12 +272,7 @@ __handle_incoming_msg (FpDevice *device, return; } - if (len > 0) - { - retdata = g_malloc (len); - memcpy (retdata, buf + 7, len); - } - udata->callback (device, READ_MSG_CMD, code_a, 0, retdata, len, + udata->callback (device, READ_MSG_CMD, code_a, 0, buf + 7, len, udata->user_data, NULL); goto done; } @@ -315,14 +309,8 @@ __handle_incoming_msg (FpDevice *device, innerlen = innerlen - 3; _subcmd = innerbuf[5]; fp_dbg ("device responds to subcmd %x with %d bytes", _subcmd, innerlen); - if (innerlen > 0) - { - retdata = g_malloc (innerlen); - memcpy (retdata, innerbuf + 6, innerlen); - } udata->callback (device, READ_MSG_RESPONSE, code_b, _subcmd, - retdata, innerlen, udata->user_data, NULL); - g_free (retdata); + innerbuf + 6, innerlen, udata->user_data, NULL); goto done; } else