Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2708555pxj; Mon, 10 May 2021 09:01:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTNaNek68Eow47m6sAkVxKgZ84mhK2BqIt36zkikxviQ4NduvgqdtWp9uMj3jZdMrfTJIc X-Received: by 2002:a6b:b7c3:: with SMTP id h186mr18811944iof.14.1620662468986; Mon, 10 May 2021 09:01:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620662468; cv=none; d=google.com; s=arc-20160816; b=zQZ1VANdHlOMvdOqXOuCuEbW5+VvU0sqVPF9oZKsv9FWAsuS78r16ZCKASmc9V2o1y bWgpUNfH35X2VtBTXY6zI/xDke6pJHpfANskEAFhCN8JYAM0AMfUZFUBB4E7CgbzEOSm CoDSyuB0C8Fm31ljXEyBJgqYg5WOEmhpIz+oAede2gzUfIDTRlh/zLCw0Pm5o5k/oM/Q cgKnknI/rb4PcV96yI346ipjYBz5G99iW+aAK9PaTPc0UjIg5NMk008vScY+RxeSfysH mkNxz1u8KrtkOxs1ihYyX8oGd2PhyPk7jtRrkmiCPYfMS1uQoc6EZCc0817G7W5NB5jq dzUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cgMq5Vh3nVV7unMgy//yL7m8MoAJR8pAtxRIY+LeLOs=; b=ufVLRXKo42YYCaOC9cZLJyuAmsql/YT/yseW+lEA4qEak18GFd7iZyuuDd9JbfP7dY MCVSo3uW1jnpQ5+ztsqS/j66lRJkZDTZWOZ8MmANZlZ8DuNQkWDz9V3Elomp46+OSCTr UeG28BBLcD8VhUrw2VjUxDBJ62Xgrs3qZ/cLgxjZGgvzW2rnGK8RrxnDW0dTdIH9LDq3 WBVgN80Ur97z0+ujwTdBAG7d/QrxpXs9SM0TZZba1raaSH0AYW3FJ2lI1e0/RcAV63Za cRSbggMdlaBUqP5Hhs1V6+K0L8XzmdVaZ9Za8mhK3y14Zju4p+E5z+xsNcG+EFkQ0Vi/ IyZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=W1xFCalh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j9si18004485ils.49.2021.05.10.09.00.55; Mon, 10 May 2021 09:01:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=W1xFCalh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242061AbhEJLkb (ORCPT + 99 others); Mon, 10 May 2021 07:40:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:53024 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235035AbhEJK5b (ORCPT ); Mon, 10 May 2021 06:57:31 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4892B61952; Mon, 10 May 2021 10:51:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620643879; bh=4p5NJe1BEEKVnw69vR2Ih0nK846XewJfLwVadjUya+Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W1xFCalhKRGBJRQgKMRo6OOaJVeU72TawOjkOAuCvJyR2hUDgYRICw5XqNby/beBJ 9Pz4wCCq7xAONbooSIwipckuCMR37o9U/U1Dfgmve4fISAxQHOEEvXKxsLNw1R0yrY fc/uCt+J80cV+2aZE8DT/Gkp6M7neis4lk+q68FM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com, Muhammad Usama Anjum , Hans Verkuil , Mauro Carvalho Chehab , Sasha Levin Subject: [PATCH 5.11 197/342] media: em28xx: fix memory leak Date: Mon, 10 May 2021 12:19:47 +0200 Message-Id: <20210510102016.593649646@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102010.096403571@linuxfoundation.org> References: <20210510102010.096403571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Muhammad Usama Anjum [ Upstream commit 0ae10a7dc8992ee682ff0b1752ff7c83d472eef1 ] If some error occurs, URB buffers should also be freed. If they aren't freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB buffers as dvb is set to NULL. The function in which error occurs should do all the cleanup for the allocations it had done. Tested the patch with the reproducer provided by syzbot. This patch fixes the memleak. Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com Signed-off-by: Muhammad Usama Anjum Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/media/usb/em28xx/em28xx-dvb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c index fb9cbfa81a84..3cd9e9556fa9 100644 --- a/drivers/media/usb/em28xx/em28xx-dvb.c +++ b/drivers/media/usb/em28xx/em28xx-dvb.c @@ -1984,6 +1984,7 @@ ret: return result; out_free: + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE); kfree(dvb); dev->dvb = NULL; goto ret; -- 2.30.2