Message ID | 20200630195451.18675-1-novikov@ispras.ru (mailing list archive) |
---|---|
State | New, archived |
Series | video: fbdev: neofb: fix memory leak in neo_scan_monitor() |
On 6/30/20 9:54 PM, Evgeny Novikov wrote:
> neofb_probe() calls neo_scan_monitor() that can successfully allocate a
> memory for info->monspecs.modedb and proceed to case 0x03. There it does
> not free the memory and returns -1. neofb_probe() goes to label
> err_scan_monitor, thus, it does not free this memory through calling
> fb_destroy_modedb() as well. We can not go to label err_init_hw since
> neo_scan_monitor() can fail during memory allocation. So, the patch frees
> the memory directly for case 0x03.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <novikov@ispras.ru>

Applied to drm-misc-next tree, thanks.

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics

> --- > drivers/video/fbdev/neofb.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c > index f5a676bfd67a..09a20d4ab35f 100644 > --- a/drivers/video/fbdev/neofb.c > +++ b/drivers/video/fbdev/neofb.c > @@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info) > #else > printk(KERN_ERR > "neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n"); > + kfree(info->monspecs.modedb); > return -1; > #endif > default: >
diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c index f5a676bfd67a..09a20d4ab35f 100644 --- a/drivers/video/fbdev/neofb.c +++ b/drivers/video/fbdev/neofb.c @@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info) #else printk(KERN_ERR "neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n"); + kfree(info->monspecs.modedb); return -1; #endif default:
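Review bot: the added kfree(info->monspecs.modedb) before return -1 in the #else branch leaves info->monspecs.modedb pointing at freed memory. Per the commit message, the probe error path taken after this failure (err_scan_monitor) does not call fb_destroy_modedb(), so nothing frees the buffer a second time today, but the stale pointer stays in struct fb_info and any later change to the probe cleanup order would turn it into a double free. Suggest setting info->monspecs.modedb = NULL right after the kfree, or releasing it here with fb_destroy_modedb() so the same helper is used on both paths. A short comment above the kfree saying why the free is done inside the switch rather than at a probe error label would also help the next reader.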
neofb_probe() calls neo_scan_monitor() that can successfully allocate a
memory for info->monspecs.modedb and proceed to case 0x03. There it does
not free the memory and returns -1. neofb_probe() goes to label
err_scan_monitor, thus, it does not free this memory through calling
fb_destroy_modedb() as well. We can not go to label err_init_hw since
neo_scan_monitor() can fail during memory allocation. So, the patch frees
the memory directly for case 0x03.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
---
 drivers/video/fbdev/neofb.c | 1 +
 1 file changed, 1 insertion(+)