LinuxLists.cc - [PATCH] video: fbdev: savage: fix memory leak on error handling path in probe

2020-06-19 16:25:08

Subject: [PATCH] video: fbdev: savage: fix memory leak on error handling path in probe

savagefb_probe() calls savage_init_fb_info() that can successfully
allocate memory for info->pixmap.addr but then fail when
fb_alloc_cmap() fails. savagefb_probe() goes to label failed_init and
does not free allocated memory. It is not valid to go to label
failed_mmio since savage_init_fb_info() can fail during memory
allocation as well. So, the patch free allocated memory on the error
handling path in savage_init_fb_info() itself.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <[email protected]>
---
drivers/video/fbdev/savage/savagefb_driver.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c
index 3c8ae87f0ea7..3fd87aeb6c79 100644
--- a/drivers/video/fbdev/savage/savagefb_driver.c
+++ b/drivers/video/fbdev/savage/savagefb_driver.c
@@ -2157,6 +2157,8 @@ static int savage_init_fb_info(struct fb_info *info, struct pci_dev *dev,
info->flags |= FBINFO_HWACCEL_COPYAREA |
FBINFO_HWACCEL_FILLRECT |
FBINFO_HWACCEL_IMAGEBLIT;
+ else
+ kfree(info->pixmap.addr);
}
#endif
return err;
--
2.16.4

2020-07-10 14:24:46

by Bartlomiej Zolnierkiewicz

[permalink] [raw]

Subject: Re: [PATCH] video: fbdev: savage: fix memory leak on error handling path in probe

On 6/19/20 6:21 PM, Evgeny Novikov wrote:
> savagefb_probe() calls savage_init_fb_info() that can successfully
> allocate memory for info->pixmap.addr but then fail when
> fb_alloc_cmap() fails. savagefb_probe() goes to label failed_init and
> does not free allocated memory. It is not valid to go to label
> failed_mmio since savage_init_fb_info() can fail during memory
> allocation as well. So, the patch free allocated memory on the error
> handling path in savage_init_fb_info() itself.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <[email protected]>

Applied to drm-misc-next tree, thanks.

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics

> ---
> drivers/video/fbdev/savage/savagefb_driver.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c
> index 3c8ae87f0ea7..3fd87aeb6c79 100644
> --- a/drivers/video/fbdev/savage/savagefb_driver.c
> +++ b/drivers/video/fbdev/savage/savagefb_driver.c
> @@ -2157,6 +2157,8 @@ static int savage_init_fb_info(struct fb_info *info, struct pci_dev *dev,
> info->flags |= FBINFO_HWACCEL_COPYAREA |
> FBINFO_HWACCEL_FILLRECT |
> FBINFO_HWACCEL_IMAGEBLIT;
> + else
> + kfree(info->pixmap.addr);
> }
> #endif
> return err;
>