@@ -2188,11 +2188,21 @@ static int __uvc_ctrl_add_mapping(struct uvc_video_chain *chain,
if (map == NULL)
return -ENOMEM;
+ /* For UVCIOC_CTRL_MAP custom control */
+ if (mapping->name) {
+ map->name = kstrdup(mapping->name, GFP_KERNEL);
+ if (!map->name) {
+ kfree(map);
+ return -ENOMEM;
+ }
+ }
+
INIT_LIST_HEAD(&map->ev_subs);
size = sizeof(*mapping->menu_info) * mapping->menu_count;
map->menu_info = kmemdup(mapping->menu_info, size, GFP_KERNEL);
if (map->menu_info == NULL) {
+ kfree(map->name);
kfree(map);
return -ENOMEM;
}
@@ -42,12 +42,12 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
map->id = xmap->id;
/* Non standard control id. */
if (v4l2_ctrl_get_name(map->id) == NULL) {
- map->name = kmemdup(xmap->name, sizeof(xmap->name),
- GFP_KERNEL);
- if (!map->name) {
- ret = -ENOMEM;
+ if (xmap->name[0] == '\0') {
+ ret = -EINVAL;
goto free_map;
}
+ xmap->name[sizeof(xmap->name) - 1] = '\0';
+ map->name = xmap->name;
}
memcpy(map->entity, xmap->entity, sizeof(map->entity));
map->selector = xmap->selector;
Move all the life cycle of the name to add_mapping. This simplifies the error handling inside uvc_ioctl_ctrl_map and solves a memory leak when kemmdup fails. Also make sure that for custom controls, the user provides a valid name. Fixes: 07adedb5c606 ("media: uvcvideo: Use control names from framework") Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> --- drivers/media/usb/uvc/uvc_ctrl.c | 10 ++++++++++ drivers/media/usb/uvc/uvc_v4l2.c | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-)