From: Xidong Wang <[email protected]>
In function fbtft_framebuffer_alloc(), the memory allocated by
framebuffer_alloc() is not released on the error path that txbuflen > 0
and txbuf, which holds the return value of devm_kzalloc(), is NULL.
This will result in a memory leak bug.
Signed-off-by: Xidong Wang <[email protected]>
---
drivers/staging/fbtft/fbtft-core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index 0e36b66..169e9dc 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -819,7 +819,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
if (par->gamma.curves && gamma) {
if (fbtft_gamma_parse_str(par,
par->gamma.curves, gamma, strlen(gamma)))
- goto alloc_fail;
+ goto err_info;
}
/* Transmit buffer */
@@ -872,6 +872,9 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
return info;
+err_info:
+ framebuffer_release(info);
+
alloc_fail:
vfree(vmem);
--
2.7.4
On Tue, Apr 03, 2018 at 09:14:28PM +0800, Xidong Wang wrote:
> From: Xidong Wang <[email protected]>
>
> In function fbtft_framebuffer_alloc(), the memory allocated by
> framebuffer_alloc() is not released on the error path that txbuflen > 0
> and txbuf, which holds the return value of devm_kzalloc(), is NULL.
> This will result in a memory leak bug.
>
> Signed-off-by: Xidong Wang <[email protected]>
> ---
> drivers/staging/fbtft/fbtft-core.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
There is a typo in the subject. It should be "Staging" instead of
"taging:".
On Tue, Apr 03, 2018 at 09:14:28PM +0800, Xidong Wang wrote:
> From: Xidong Wang <[email protected]>
>
> In function fbtft_framebuffer_alloc(), the memory allocated by
> framebuffer_alloc() is not released on the error path that txbuflen > 0
> and txbuf, which holds the return value of devm_kzalloc(), is NULL.
> This will result in a memory leak bug.
The txbuf chunk seems to have been dropped. You're right that it needs
to be fixed as well.
if (txbuflen > 0) {
txbuf = devm_kzalloc(par->info->device, txbuflen, GFP_KERNEL);
if (!txbuf)
- goto alloc_fail;
+ goto err_info;
regards,
dan carpenter