| Message ID | 20200819082228.26847-1-dinghao.liu@zju.edu.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/crc-debugfs: Fix memleak in crc_control_write | expand |
On Wed, Aug 19, 2020 at 02:55:15PM +0300, Laurent Pinchart wrote: > Hi Dinghao, > > Thank you for the patch. > > On Wed, Aug 19, 2020 at 04:22:28PM +0800, Dinghao Liu wrote: > > When verify_crc_source() fails, source needs to be freed. > > However, current code is returning directly and ends up > > leaking memory. > > > > Fixes: c0811a7d5befe ("drm/crc: Cleanup crtc_crc_open function") > > I think the issue was introduced in d5cc15a0c66e ("drm: crc: Introduce > verify_crc_source callback"). Apart from that, > > Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Pushed to drm-misc-next. -Daniel > > > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > > --- > > drivers/gpu/drm/drm_debugfs_crc.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/drm_debugfs_crc.c b/drivers/gpu/drm/drm_debugfs_crc.c > > index 5d67a41f7c3a..3dd70d813f69 100644 > > --- a/drivers/gpu/drm/drm_debugfs_crc.c > > +++ b/drivers/gpu/drm/drm_debugfs_crc.c > > @@ -144,8 +144,10 @@ static ssize_t crc_control_write(struct file *file, const char __user *ubuf, > > source[len - 1] = '\0'; > > > > ret = crtc->funcs->verify_crc_source(crtc, source, &values_cnt); > > - if (ret) > > + if (ret) { > > + kfree(source); > > return ret; > > + } > > > > spin_lock_irq(&crc->lock); > > > > -- > Regards, > > Laurent Pinchart
diff --git a/drivers/gpu/drm/drm_debugfs_crc.c b/drivers/gpu/drm/drm_debugfs_crc.c index 5d67a41f7c3a..3dd70d813f69 100644 --- a/drivers/gpu/drm/drm_debugfs_crc.c +++ b/drivers/gpu/drm/drm_debugfs_crc.c @@ -144,8 +144,10 @@ static ssize_t crc_control_write(struct file *file, const char __user *ubuf, source[len - 1] = '\0'; ret = crtc->funcs->verify_crc_source(crtc, source, &values_cnt); - if (ret) + if (ret) { + kfree(source); return ret; + } spin_lock_irq(&crc->lock);
When verify_crc_source() fails, source needs to be freed. However, current code is returning directly and ends up leaking memory. Fixes: c0811a7d5befe ("drm/crc: Cleanup crtc_crc_open function") Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> --- drivers/gpu/drm/drm_debugfs_crc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)