LinuxLists.cc - [PATCH] video: fbdev: neofb: fix memory leak in neo_scan

2020-06-30 21:07:42

Subject: [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor()

neofb_probe() calls neo_scan_monitor() that can successfully allocate a
memory for info->monspecs.modedb and proceed to case 0x03. There it does
not free the memory and returns -1. neofb_probe() goes to label
err_scan_monitor, thus, it does not free this memory through calling
fb_destroy_modedb() as well. We can not go to label err_init_hw since
neo_scan_monitor() can fail during memory allocation. So, the patch frees
the memory directly for case 0x03.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <[email protected]>
---
drivers/video/fbdev/neofb.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c
index f5a676bfd67a..09a20d4ab35f 100644
--- a/drivers/video/fbdev/neofb.c
+++ b/drivers/video/fbdev/neofb.c
@@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info)
#else
printk(KERN_ERR
"neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
+ kfree(info->monspecs.modedb);
return -1;
#endif
default:
--
2.16.4

2020-07-10 14:26:43

by Bartlomiej Zolnierkiewicz

[permalink] [raw]

Subject: Re: [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor()

On 6/30/20 9:54 PM, Evgeny Novikov wrote:
> neofb_probe() calls neo_scan_monitor() that can successfully allocate a
> memory for info->monspecs.modedb and proceed to case 0x03. There it does
> not free the memory and returns -1. neofb_probe() goes to label
> err_scan_monitor, thus, it does not free this memory through calling
> fb_destroy_modedb() as well. We can not go to label err_init_hw since
> neo_scan_monitor() can fail during memory allocation. So, the patch frees
> the memory directly for case 0x03.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Evgeny Novikov <[email protected]>

Applied to drm-misc-next tree, thanks.

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics

> ---
> drivers/video/fbdev/neofb.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c
> index f5a676bfd67a..09a20d4ab35f 100644
> --- a/drivers/video/fbdev/neofb.c
> +++ b/drivers/video/fbdev/neofb.c
> @@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info)
> #else
> printk(KERN_ERR
> "neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
> + kfree(info->monspecs.modedb);
> return -1;
> #endif
> default:
>