LinuxLists.cc - [PATCH] media: uvcvideo: fix possible memory leak issue

2021-12-08 17:42:08

Subject: [PATCH] media: uvcvideo: fix possible memory leak issue

In uvc_ioctl_ctrl_map() implementation, there is a possibility of memory
leak if control id name is not listed and kmemdup() is failed somehow.
This is a rare scenario but possible.

Addresses-Coverity: 1494069 (Resource leak)
Signed-off-by: Ameer Hamza <[email protected]>
---
drivers/media/usb/uvc/uvc_v4l2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index f4e4aff8ddf7..711556d13d03 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -44,8 +44,10 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
if (v4l2_ctrl_get_name(map->id) == NULL) {
map->name = kmemdup(xmap->name, sizeof(xmap->name),
GFP_KERNEL);
- if (!map->name)
- return -ENOMEM;
+ if (!map->name) {
+ ret = -ENOMEM;
+ goto free_map;
+ }
}
memcpy(map->entity, xmap->entity, sizeof(map->entity));
map->selector = xmap->selector;
--
2.25.1

2021-12-09 08:54:22

by Ricardo Ribalda

[permalink] [raw]

Subject: Re: [PATCH] media: uvcvideo: fix possible memory leak issue

Hi Ameer

Thanks for the patch.

It is already covered by
https://lore.kernel.org/lkml/[email protected]/
which is in the staging branch of the media tree.

Thanks!

On Thu, 9 Dec 2021 at 01:33, Ameer Hamza <[email protected]> wrote:
>
> In uvc_ioctl_ctrl_map() implementation, there is a possibility of memory
> leak if control id name is not listed and kmemdup() is failed somehow.
> This is a rare scenario but possible.
>
> Addresses-Coverity: 1494069 (Resource leak)
> Signed-off-by: Ameer Hamza <[email protected]>
> ---
> drivers/media/usb/uvc/uvc_v4l2.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
> index f4e4aff8ddf7..711556d13d03 100644
> --- a/drivers/media/usb/uvc/uvc_v4l2.c
> +++ b/drivers/media/usb/uvc/uvc_v4l2.c
> @@ -44,8 +44,10 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
> if (v4l2_ctrl_get_name(map->id) == NULL) {
> map->name = kmemdup(xmap->name, sizeof(xmap->name),
> GFP_KERNEL);
> - if (!map->name)
> - return -ENOMEM;
> + if (!map->name) {
> + ret = -ENOMEM;
> + goto free_map;
> + }
> }
> memcpy(map->entity, xmap->entity, sizeof(map->entity));
> map->selector = xmap->selector;
> --
> 2.25.1
>

--
Ricardo Ribalda