When alloc_scq fails, card->vcs[0] (i.e. vc) should be freed. Otherwise,
in the following call chain:
idt77252_init_one
|-> idt77252_dev_open
|-> open_card_ubr0
|-> alloc_scq [failed]
|-> deinit_card
|-> vfree(card->vcs);
card->vcs is freed and card->vcs[0] is leaked.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Zhipeng Lu <[email protected]>
---
drivers/atm/idt77252.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index e327a0229dc1..e7f713cd70d3 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -2930,6 +2930,8 @@ open_card_ubr0(struct idt77252_dev *card)
vc->scq = alloc_scq(card, vc->class);
if (!vc->scq) {
printk("%s: can't get SCQ.\n", card->name);
+ kfree(card->vcs[0]);
+ card->vcs[0] = NULL;
return -ENOMEM;
}
--
2.34.1
Thu, Feb 01, 2024 at 01:41:05PM CET, [email protected] wrote:
>When alloc_scq fails, card->vcs[0] (i.e. vc) should be freed. Otherwise,
>in the following call chain:
>
>idt77252_init_one
> |-> idt77252_dev_open
> |-> open_card_ubr0
> |-> alloc_scq [failed]
> |-> deinit_card
> |-> vfree(card->vcs);
>
>card->vcs is freed and card->vcs[0] is leaked.
>
>Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>Signed-off-by: Zhipeng Lu <[email protected]>
Reviewed-by: Jiri Pirko <[email protected]>
Hello:
This patch was applied to netdev/net.git (main)
by David S. Miller <[email protected]>:
On Thu, 1 Feb 2024 20:41:05 +0800 you wrote:
> When alloc_scq fails, card->vcs[0] (i.e. vc) should be freed. Otherwise,
> in the following call chain:
>
> idt77252_init_one
> |-> idt77252_dev_open
> |-> open_card_ubr0
> |-> alloc_scq [failed]
> |-> deinit_card
> |-> vfree(card->vcs);
>
> [...]
Here is the summary with links:
- atm: idt77252: fix a memleak in open_card_ubr0
https://git.kernel.org/netdev/net/c/f3616173bf9b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html