Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp14401622pxu; Tue, 5 Jan 2021 00:02:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJzCiYurwy2AZJSCP72tKHfDsFK1NHlPhZ2vyWYawJ4+1lOFFYRLXKtaSRFCk59WLkOJR8wc X-Received: by 2002:a17:906:3ac3:: with SMTP id z3mr39077543ejd.449.1609833746091; Tue, 05 Jan 2021 00:02:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609833746; cv=none; d=google.com; s=arc-20160816; b=0qcy9WXQ2ddpYgSHd3g9qLbmtEejhm8HofGace9IQHjBmpgCy8hOPxpZDfKirszriS tG23a1gZzK+PSEmUfK8RSsO7riQxcH9wZ2QJa8WRaSPnWeNhY+oQTEBrNxjKDQmrJ8C5 RsL2eJgN+1Qsf5hhhD1XpWuI2PZZoMP9uVzdhv0VYoqy0ZGqSpReD8SHdjuUe4PRQHEE GpSH715U5b7tNOWyHAtrDilXkKztcD8IhQWy/AA7r7VOhIWSM+7rXDKmpfPsBDFLz+JG KWmce29gbYy9H4zCbHhXu09FD71J0qxqwZ8CfpFFYcmlfDMhHw2GXWLUXOTVW4YzKfzu Ru9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=Z6LdPnGyf95YG+7Aok4Sz/O0vbbH06nK7r0kUF7NSkw=; b=uCeYIyn0lp0NSFevFD18R9woASPrN58XXY/cy+tfB2z2NJat5BKO4yLZs5or7SUtJL xouWUMC6Iry/i5tw8dkadAPqYfuNt6c6Hk2hdLsos4U8Ps0QSKw/hAdsoehWulKC5P+l z/8bMWjfR0YOpZtGse2atGhFp7rP7BbVnig/CoYm/1O4E/2ExXQvErHTGDqwxWOlejZa Z9rxSYmsJN0z0o/FouYaEQ/lxIc75e+qNwyU1yH5sumfaXbCtuFhD2W9WOyStEfhGHVE g4oWiz7fI/J+ZyIyNtKpFcNAf4YBMh3EVvrpiQIdg+/I8tQqmHbgkVInXTt6K56Md/5H 8gpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a15si33674449edb.360.2021.01.05.00.02.02; Tue, 05 Jan 2021 00:02:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727371AbhAEIAk (ORCPT + 99 others); Tue, 5 Jan 2021 03:00:40 -0500 Received: from mail.zju.edu.cn ([61.164.42.155]:56306 "EHLO zju.edu.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726097AbhAEIAk (ORCPT ); Tue, 5 Jan 2021 03:00:40 -0500 Received: from localhost.localdomain (unknown [222.205.25.254]) by mail-app3 (Coremail) with SMTP id cC_KCgAXbthKHPRfU0UJAA--.6516S4; Tue, 05 Jan 2021 15:59:10 +0800 (CST) From: Dinghao Liu To: dinghao.liu@zju.edu.cn, kjlu@umn.edu Cc: Mauro Carvalho Chehab , Laurent Dufour , Andrew Morton , "Gustavo A. R. Silva" , Vlastimil Babka , Michel Lespinasse , Ricardo Cerqueira , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] media: v4l2: Fix memleak in videobuf_read_one Date: Tue, 5 Jan 2021 15:59:02 +0800 Message-Id: <20210105075904.27102-1-dinghao.liu@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: cC_KCgAXbthKHPRfU0UJAA--.6516S4 X-Coremail-Antispam: 1UD129KBjvJXoW7KryUtF4xCr13Cr4DWrWUtwb_yoW8GFykpF Z0yry3CryUWw1xC3Z7JFnrW3s8K34ktFWrurWxKw1fCw15Jwn3Xa48Ga4UWrWkCanrtF1Y qr1DAr95CF45ZF7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9q1xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AE w4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2 IY67AKxVWDJVCq3wA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVW0oVCq3wA2z4x0Y4vEx4A2 jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oVCq3wAS0I0E0xvYzxvE52 x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUJVWU GwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI4 8JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628vn2kIc2xKxwCY02Avz4vE 14v_GF4l42xK82IYc2Ij64vIr41l42xK82IY6x8ErcxFaVAv8VW8uw4UJr1UMxC20s026x CaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_ JrWlx4CE17CEb7AF67AKxVWUtVW8ZwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r 1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVW8JVWxJwCI42IY6xAIw20EY4v20xvaj40_ WFyUJVCq3wCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r 4UJbIYCTnIWIevJa73UjIFyTuYvjfUYMKZDUUUU X-CM-SenderInfo: qrrzjiaqtzq6lmxovvfxof0/1tbiAgMQBlZdtR1gpwAGs1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When videobuf_waiton() fails, we should execute clean functions to prevent memleak. It's the same when __videobuf_copy_to_user() fails. Fixes: 7a7d9a89d0307 ("V4L/DVB (6251): Replace video-buf to a more generic approach") Signed-off-by: Dinghao Liu --- drivers/media/v4l2-core/videobuf-core.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/media/v4l2-core/videobuf-core.c b/drivers/media/v4l2-core/videobuf-core.c index 606a271bdd2d..0709b75d11cd 100644 --- a/drivers/media/v4l2-core/videobuf-core.c +++ b/drivers/media/v4l2-core/videobuf-core.c @@ -924,8 +924,12 @@ ssize_t videobuf_read_one(struct videobuf_queue *q, /* wait until capture is done */ retval = videobuf_waiton(q, q->read_buf, nonblocking, 1); - if (0 != retval) + if (retval != 0) { + q->ops->buf_release(q, q->read_buf); + kfree(q->read_buf); + q->read_buf = NULL; goto done; + } CALL(q, sync, q, q->read_buf); @@ -940,8 +944,12 @@ ssize_t videobuf_read_one(struct videobuf_queue *q, /* Copy to userspace */ retval = __videobuf_copy_to_user(q, q->read_buf, data, count, nonblocking); - if (retval < 0) + if (retval < 0) { + q->ops->buf_release(q, q->read_buf); + kfree(q->read_buf); + q->read_buf = NULL; goto done; + } q->read_off += retval; if (q->read_off == q->read_buf->size) { -- 2.17.1