From b95402bc722d5d834eb77078ee0d7e0c693b5d82 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Fri, 8 May 2020 09:02:03 +0200
Subject: [PATCH] upekts: Fix memory leak and remove unneeded copy
__handle_incoming_msg would copy the payload of the message into a newly
created buffer just to destroy it again immediately after calling the
callback. Just reference the correct address inside the original package
instead.
Also, in one case the extra buffer was leaked afterwards.
---
libfprint/drivers/upekts.c | 16 ++--------------
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/libfprint/drivers/upekts.c b/libfprint/drivers/upekts.c
index e6fac76..398a442 100644
--- a/libfprint/drivers/upekts.c
+++ b/libfprint/drivers/upekts.c
@@ -238,7 +238,6 @@ __handle_incoming_msg (FpDevice *device,
guint16 len;
guint16 computed_crc;
guint16 msg_crc;
- unsigned char *retdata = NULL;
unsigned char code_a, code_b;
g_assert (udata->buflen >= 6);
@@ -273,12 +272,7 @@ __handle_incoming_msg (FpDevice *device,
return;
}
- if (len > 0)
- {
- retdata = g_malloc (len);
- memcpy (retdata, buf + 7, len);
- }
- udata->callback (device, READ_MSG_CMD, code_a, 0, retdata, len,
+ udata->callback (device, READ_MSG_CMD, code_a, 0, buf + 7, len,
udata->user_data, NULL);
goto done;
}
@@ -315,14 +309,8 @@ __handle_incoming_msg (FpDevice *device,
innerlen = innerlen - 3;
_subcmd = innerbuf[5];
fp_dbg ("device responds to subcmd %x with %d bytes", _subcmd, innerlen);
- if (innerlen > 0)
- {
- retdata = g_malloc (innerlen);
- memcpy (retdata, innerbuf + 6, innerlen);
- }
udata->callback (device, READ_MSG_RESPONSE, code_b, _subcmd,
- retdata, innerlen, udata->user_data, NULL);
- g_free (retdata);
+ innerbuf + 6, innerlen, udata->user_data, NULL);
goto done;
}
else