From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com, Muhammad Usama Anjum, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
Subject: [PATCH 4.14 058/323] media: em28xx: fix memory leak
Date: Thu, 20 May 2021 11:19:10 +0200
Message-Id: <20210520092122.100656613@linuxfoundation.org>
In-Reply-To: <20210520092120.115153432@linuxfoundation.org>
References: <20210520092120.115153432@linuxfoundation.org>

From: Muhammad Usama Anjum

[ Upstream commit 0ae10a7dc8992ee682ff0b1752ff7c83d472eef1 ]

If some error occurs, URB buffers should also be freed. If they aren't freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB buffers as dvb is set to NULL. The function in which error occurs should do all the cleanup for the allocations it had done.

Tested the patch with the reproducer provided by syzbot. This patch fixes the memleak.

Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
Signed-off-by: Muhammad Usama Anjum
Signed-off-by: Hans Verkuil
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Sasha Levin
--- drivers/media/usb/em28xx/em28xx-dvb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c index 29cdaaf1ed90..3667373f14d2 100644 --- a/drivers/media/usb/em28xx/em28xx-dvb.c +++ b/drivers/media/usb/em28xx/em28xx-dvb.c @@ -2056,6 +2056,7 @@ ret: return result; out_free: + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE); kfree(dvb); dev->dvb = NULL; goto ret; -- 2.30.2
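Review bot: out_free is a shared error label, and the added em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE) call now runs on every path that jumps to it, but the hunk does not show whether all of those jumps happen after the URB buffers for digital mode were allocated. Please confirm that the uninit call is safe when nothing was allocated yet (no double free, no dereference of unset transfer state), or split the label so that early failures skip it. A one-line comment above the call noting that it must run before dev->dvb is set to NULL, because em28xx_dvb_fini will no longer free the buffers afterwards, would keep the ordering from being undone by later cleanup. The commit message also carries no Fixes: tag, which would help stable maintainers judge how far back the leak reaches.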