| Message ID | 20230824090725.28148-1-e.orlova@ispras.ru (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | media: s3c-camif: Avoid inappropriate kfree() | expand |
Hi Katya, On Thu, Aug 24, 2023 at 12:07:25PM +0300, Katya Orlova wrote: > s3c_camif_register_video_node() works with video_device structure stored > as a field of camif_vp, > so it should not be kfreed. But there is video_device_release() on error > path that do it. that's correct, the video_device is allocated with the camif_dev allocation. > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: babde1c243b2 ("[media] V4L: Add driver for S3C24XX/S3C64XX SoC series camera interface") > Signed-off-by: Katya Orlova <e.orlova@ispras.ru> > --- > drivers/media/platform/samsung/s3c-camif/camif-capture.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/media/platform/samsung/s3c-camif/camif-capture.c b/drivers/media/platform/samsung/s3c-camif/camif-capture.c > index 76634d242b10..79c8ee845c38 100644 > --- a/drivers/media/platform/samsung/s3c-camif/camif-capture.c > +++ b/drivers/media/platform/samsung/s3c-camif/camif-capture.c > @@ -1172,7 +1172,6 @@ int s3c_camif_register_video_node(struct camif_dev *camif, int idx) > err_me_cleanup: > media_entity_cleanup(&vfd->entity); > err_vd_rel: > - video_device_release(vfd); The best fix, though, is to completely get rid of the "err_vd_rel" goto label. You mind doint that on a v2? Thanks, Andi > return ret; > } > > -- > 2.30.2 >
diff --git a/drivers/media/platform/samsung/s3c-camif/camif-capture.c b/drivers/media/platform/samsung/s3c-camif/camif-capture.c index 76634d242b10..79c8ee845c38 100644 --- a/drivers/media/platform/samsung/s3c-camif/camif-capture.c +++ b/drivers/media/platform/samsung/s3c-camif/camif-capture.c @@ -1172,7 +1172,6 @@ int s3c_camif_register_video_node(struct camif_dev *camif, int idx) err_me_cleanup: media_entity_cleanup(&vfd->entity); err_vd_rel: - video_device_release(vfd); return ret; }
s3c_camif_register_video_node() works with video_device structure stored as a field of camif_vp, so it should not be kfreed. But there is video_device_release() on error path that do it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: babde1c243b2 ("[media] V4L: Add driver for S3C24XX/S3C64XX SoC series camera interface") Signed-off-by: Katya Orlova <e.orlova@ispras.ru> --- drivers/media/platform/samsung/s3c-camif/camif-capture.c | 1 - 1 file changed, 1 deletion(-)