lkdtm: fix memory leak of val

sudipm-mukherjee · kees · commit 50fbd977733d · 2016-04-06T16:22:23.000-07:00
This case is supposed to read from a page after after it is freed, but
it missed freeing val if we are not able to get a free page.

Signed-off-by: Sudip Mukherjee &lt;sudip.mukherjee@codethink.co.uk&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
@@ -498,12 +498,13 @@ static void lkdtm_do_action(enum ctype which)
 	}
 	case CT_READ_BUDDY_AFTER_FREE: {
 		unsigned long p = __get_free_page(GFP_KERNEL);
-		int saw, *val = kmalloc(1024, GFP_KERNEL);
+		int saw, *val;
 		int *base;
 
 		if (!p)
 			break;
 
+		val = kmalloc(1024, GFP_KERNEL);
 		if (!val)
 			break;
 
