2018-04-03 13:36:07

by Xidong Wang

[permalink] [raw]
Subject: [PATCH 1/1] taging: fbtft: fix memory leak

From: Xidong Wang <[email protected]>

In function fbtft_framebuffer_alloc(), the memory allocated by
framebuffer_alloc() is not released on the error path that txbuflen > 0
and txbuf, which holds the return value of devm_kzalloc(), is NULL.
This will result in a memory leak bug.

Signed-off-by: Xidong Wang <[email protected]>
---
drivers/staging/fbtft/fbtft-core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index 0e36b66..e92771e 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -836,7 +836,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
if (txbuflen > 0) {
txbuf = devm_kzalloc(par->info->device, txbuflen, GFP_KERNEL);
if (!txbuf)
- goto alloc_fail;
+ goto err_info;
par->txbuf.buf = txbuf;
par->txbuf.len = txbuflen;
}
@@ -872,6 +872,9 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,

return info;

+err_info:
+ framebuffer_release(info);
+
alloc_fail:
vfree(vmem);

--
2.7.4




2018-04-03 16:22:25

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 1/1] taging: fbtft: fix memory leak

On Tue, 2018-04-03 at 21:33 +0800, Xidong Wang wrote:
> From: Xidong Wang <[email protected]>
>
> In function fbtft_framebuffer_alloc(), the memory allocated by
> framebuffer_alloc() is not released on the error path that txbuflen > 0
> and txbuf, which holds the return value of devm_kzalloc(), is NULL.
> This will result in a memory leak bug.
[]
> diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
[]
> @@ -836,7 +836,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
> if (txbuflen > 0) {
> txbuf = devm_kzalloc(par->info->device, txbuflen, GFP_KERNEL);
> if (!txbuf)
> - goto alloc_fail;
> + goto err_info;
> par->txbuf.buf = txbuf;
> par->txbuf.len = txbuflen;
> }
> @@ -872,6 +872,9 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
>
> return info;
>
> +err_info:
> + framebuffer_release(info);
> +
> alloc_fail:
> vfree(vmem);

What about the

if (par->gamma.curves && gamma) {
if (fbtft_gamma_parse_str(par,
par->gamma.curves, gamma, strlen(gamma)))
goto alloc_fail;
}

a little above this?

Presumable then it should goto err_info too.