2012-08-07 12:42:25

by Alexey Khoroshilov

Subject: [PATCH] drm/edid: Fix potential memory leak in edid_load()

Do not leak memory by updating pointer with potentially
NULL realloc return value.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/gpu/drm/drm_edid_load.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c
index 66d4a28..0303935 100644
--- a/drivers/gpu/drm/drm_edid_load.c
+++ b/drivers/gpu/drm/drm_edid_load.c
@@ -119,7 +119,7 @@ static int edid_load(struct drm_connector *connector, char *name,
{
const struct firmware *fw;
struct platform_device *pdev;
- u8 *fwdata = NULL, *edid;
+ u8 *fwdata = NULL, *edid, *new_edid;
int fwsize, expected;
int builtin = 0, err = 0;
int i, valid_extensions = 0;
@@ -195,12 +195,14 @@ static int edid_load(struct drm_connector *connector, char *name,
"\"%s\" for connector \"%s\"\n", valid_extensions,
edid[0x7e], name, connector_name);
edid[0x7e] = valid_extensions;
- edid = krealloc(edid, (valid_extensions + 1) * EDID_LENGTH,
+ new_edid = krealloc(edid, (valid_extensions + 1) * EDID_LENGTH,
GFP_KERNEL);
- if (edid == NULL) {
+ if (new_edid == NULL) {
err = -ENOMEM;
+ kfree(edid);
goto relfw_out;
}
+ edid = new_edid;
}

connector->display_info.raw_edid = edid;
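Review bot: The new failure branch calls `kfree(edid)` and then jumps to `relfw_out`, which lies outside this hunk, so the fix is only safe if that label and the code after it never free or dereference `edid` again; this should be checked against the full function to rule out a double free or use after free. A short comment above the `kfree(edid)` would record why it is needed, for example `/* krealloc() leaves the original buffer allocated on failure */`. As a style point, `new_edid` is used only inside this block, so it could be declared at the top of the block instead of at function scope in the first hunk. The body of edid_load() starts and ends outside the hunk.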
--
1.7.9.5


2012-08-07 18:10:16

by Carsten Emde

Subject: Re: [PATCH] drm/edid: Fix potential memory leak in edid_load()

On 08/07/2012 02:23 PM, Alexey Khoroshilov wrote:
> Do not leak memory by updating pointer with potentially
> NULL realloc return value.
>
> Found by Linux Driver Verification project (linuxtesting.org).
Thanks, Alexey!

Reviewed-by: Carsten Emde <[email protected]>

> Signed-off-by: Alexey Khoroshilov <[email protected]>
> ---
> drivers/gpu/drm/drm_edid_load.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c
> index 66d4a28..0303935 100644
> --- a/drivers/gpu/drm/drm_edid_load.c
> +++ b/drivers/gpu/drm/drm_edid_load.c
> @@ -119,7 +119,7 @@ static int edid_load(struct drm_connector *connector, char *name,
> {
> const struct firmware *fw;
> struct platform_device *pdev;
> - u8 *fwdata = NULL, *edid;
> + u8 *fwdata = NULL, *edid, *new_edid;
> int fwsize, expected;
> int builtin = 0, err = 0;
> int i, valid_extensions = 0;
> @@ -195,12 +195,14 @@ static int edid_load(struct drm_connector *connector, char *name,
> "\"%s\" for connector \"%s\"\n", valid_extensions,
> edid[0x7e], name, connector_name);
> edid[0x7e] = valid_extensions;
> - edid = krealloc(edid, (valid_extensions + 1) * EDID_LENGTH,
> + new_edid = krealloc(edid, (valid_extensions + 1) * EDID_LENGTH,
> GFP_KERNEL);
> - if (edid == NULL) {
> + if (new_edid == NULL) {
> err = -ENOMEM;
> + kfree(edid);
> goto relfw_out;
> }
> + edid = new_edid;
> }
>
> connector->display_info.raw_edid = edid;