From: Colin Ian King <[email protected]>
Currently when the allocation of map->name fails the error exit path
does not kfree the previously allocated object map. Fix this by
setting ret to -ENOMEM and taking the free_map exit error path to
ensure map is kfree'd.
Addresses-Coverity: ("Resource leak")
Fixes: 07adedb5c606 ("media: uvcvideo: Use control names from framework")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/media/usb/uvc/uvc_v4l2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index f4e4aff8ddf7..711556d13d03 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -44,8 +44,10 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
if (v4l2_ctrl_get_name(map->id) == NULL) {
map->name = kmemdup(xmap->name, sizeof(xmap->name),
GFP_KERNEL);
- if (!map->name)
- return -ENOMEM;
+ if (!map->name) {
+ ret = -ENOMEM;
+ goto free_map;
+ }
}
memcpy(map->entity, xmap->entity, sizeof(map->entity));
map->selector = xmap->selector;
--
2.32.0
Hi Collin
Thanks for catching it up.
On Fri, 17 Sept 2021 at 13:49, Colin King <[email protected]> wrote:
>
> From: Colin Ian King <[email protected]>
>
> Currently when the allocation of map->name fails the error exit path
> does not kfree the previously allocated object map. Fix this by
> setting ret to -ENOMEM and taking the free_map exit error path to
> ensure map is kfree'd.
>
> Addresses-Coverity: ("Resource leak")
> Fixes: 07adedb5c606 ("media: uvcvideo: Use control names from framework")
> Signed-off-by: Colin Ian King <[email protected]>
Reviewed-by: Ricardo Ribalda <[email protected]>
> ---
> drivers/media/usb/uvc/uvc_v4l2.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
> index f4e4aff8ddf7..711556d13d03 100644
> --- a/drivers/media/usb/uvc/uvc_v4l2.c
> +++ b/drivers/media/usb/uvc/uvc_v4l2.c
> @@ -44,8 +44,10 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
> if (v4l2_ctrl_get_name(map->id) == NULL) {
> map->name = kmemdup(xmap->name, sizeof(xmap->name),
> GFP_KERNEL);
> - if (!map->name)
> - return -ENOMEM;
> + if (!map->name) {
> + ret = -ENOMEM;
> + goto free_map;
> + }
> }
> memcpy(map->entity, xmap->entity, sizeof(map->entity));
> map->selector = xmap->selector;
> --
> 2.32.0
>
--
Ricardo Ribalda
Hi Colin,
Thank you for the patch.
On Fri, Sep 17, 2021 at 12:49:30PM +0100, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Currently when the allocation of map->name fails the error exit path
> does not kfree the previously allocated object map. Fix this by
> setting ret to -ENOMEM and taking the free_map exit error path to
> ensure map is kfree'd.
>
> Addresses-Coverity: ("Resource leak")
> Fixes: 07adedb5c606 ("media: uvcvideo: Use control names from framework")
That's not the right commit ID, it should be 70fa906d6fce.
> Signed-off-by: Colin Ian King <[email protected]>
Reviewed-by: Laurent Pinchart <[email protected]>
Mauro, could you add this in your tree for v5.16 ?
> ---
> drivers/media/usb/uvc/uvc_v4l2.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
> index f4e4aff8ddf7..711556d13d03 100644
> --- a/drivers/media/usb/uvc/uvc_v4l2.c
> +++ b/drivers/media/usb/uvc/uvc_v4l2.c
> @@ -44,8 +44,10 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
> if (v4l2_ctrl_get_name(map->id) == NULL) {
> map->name = kmemdup(xmap->name, sizeof(xmap->name),
> GFP_KERNEL);
> - if (!map->name)
> - return -ENOMEM;
> + if (!map->name) {
> + ret = -ENOMEM;
> + goto free_map;
> + }
> }
> memcpy(map->entity, xmap->entity, sizeof(map->entity));
> map->selector = xmap->selector;
--
Regards,
Laurent Pinchart