[PATCH AUTOSEL 5.2 142/249] media: staging: davinci: fix memory leaks and check for allocation failure

From: Sasha Levin
Date: Mon Jul 15 2019 - 09:55:30 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 5.2 143/249] ipvs: defer hook registration to avoid leaks"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.2 141/249] ipsec: select crypto ciphers for xfrm_algo"
In reply to: Sasha Levin: "[PATCH AUTOSEL 5.2 141/249] ipsec: select crypto ciphers for xfrm_algo"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.2 143/249] ipvs: defer hook registration to avoid leaks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

[ Upstream commit a84e355ecd3ed9759d7aaa40170aab78e2a68a06 ]

There are three error return paths that don't kfree params causing a
memory leak. Fix this by adding an error return path that kfree's
params before returning. Also add a check to see params failed to
be allocated.

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/staging/media/davinci_vpfe/dm365_ipipe.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
index 30e2edc0cec5..b88855c7ffe8 100644
--- a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
+++ b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
@@ -1251,10 +1251,10 @@ static int ipipe_s_config(struct v4l2_subdev *sd, struct vpfe_ipipe_config *cfg)
struct vpfe_ipipe_device *ipipe = v4l2_get_subdevdata(sd);
unsigned int i;
int rval = 0;
+ struct ipipe_module_params *params;

for (i = 0; i < ARRAY_SIZE(ipipe_modules); i++) {
const struct ipipe_module_if *module_if;
- struct ipipe_module_params *params;
void *from, *to;
size_t size;

@@ -1265,25 +1265,30 @@ static int ipipe_s_config(struct v4l2_subdev *sd, struct vpfe_ipipe_config *cfg)
from = *(void **)((void *)cfg + module_if->config_offset);

params = kmalloc(sizeof(*params), GFP_KERNEL);
+ if (!params)
+ return -ENOMEM;
to = (void *)params + module_if->param_offset;
size = module_if->param_size;

if (to && from && size) {
if (copy_from_user(to, (void __user *)from, size)) {
rval = -EFAULT;
- break;
+ goto error_free;
}
rval = module_if->set(ipipe, to);
if (rval)
- goto error;
+ goto error_free;
} else if (to && !from && size) {
rval = module_if->set(ipipe, NULL);
if (rval)
- goto error;
+ goto error_free;
}
kfree(params);
}
-error:
+ return rval;
+
+error_free:
+ kfree(params);
return rval;
}

--
2.20.1

Next message: Sasha Levin: "[PATCH AUTOSEL 5.2 143/249] ipvs: defer hook registration to avoid leaks"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.2 141/249] ipsec: select crypto ciphers for xfrm_algo"
In reply to: Sasha Levin: "[PATCH AUTOSEL 5.2 141/249] ipsec: select crypto ciphers for xfrm_algo"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.2 143/249] ipvs: defer hook registration to avoid leaks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]