Re: [PATCH] cifs: client: fix memory leak in smb3_fs_context_parse_param
From: Paulo Alcantara
Date: Fri Nov 07 2025 - 09:51:55 EST
Edward Adam Davis <eadavis@xxxxxx> writes:
> The user calls fsconfig twice, but when the program exits, free() only
> frees ctx->source for the second fsconfig, not the first.
> Regarding fc->source, there is no code in the fs context related to its
> memory reclamation.
>
> To fix this memory leak, release the source memory corresponding to ctx
> or fc before each parsing.
>
> syzbot reported:
> BUG: memory leak
> unreferenced object 0xffff888128afa360 (size 96):
> backtrace (crc 79c9c7ba):
> kstrdup+0x3c/0x80 mm/util.c:84
> smb3_fs_context_parse_param+0x229b/0x36c0 fs/smb/client/fs_context.c:1444
>
> BUG: memory leak
> unreferenced object 0xffff888112c7d900 (size 96):
> backtrace (crc 79c9c7ba):
> smb3_fs_context_fullpath+0x70/0x1b0 fs/smb/client/fs_context.c:629
> smb3_fs_context_parse_param+0x2266/0x36c0 fs/smb/client/fs_context.c:1438
>
> Reported-by: syzbot+72afd4c236e6bc3f4bac@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=72afd4c236e6bc3f4bac
> Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
> ---
> fs/smb/client/fs_context.c | 2 ++
> 1 file changed, 2 insertions(+)
Reviewed-by: Paulo Alcantara (Red Hat) <pc@xxxxxxxxxxxxx>
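The leak pattern the commit message describes, as an added user-space model that is not part of the patch or of the kernel's fs_context code: a context owns one heap-allocated copy of the source option, and parsing that option a second time overwrites the pointer without freeing the first copy, so teardown only releases the second one. The names ctx_model, parse_source_leaky, parse_source_fixed and live_after_double_parse are assumptions of this example, not kernel symbols; the live-string counter stands in for the leak checker that syzbot's report came from.

```c
/* Added example, not kernel code: models the ctx->source double-parse leak
 * and the fix of releasing the previous copy before each parse.
 * All names here are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Count live heap strings so the leak is observable without a leak checker. */
static int live_strings = 0;

/* Local strdup equivalent so the file builds under a strict C standard. */
static char *dup_string(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) return NULL;
    memcpy(p, s, n);
    live_strings++;
    return p;
}

static void free_string(char *p) {
    if (p) { free(p); live_strings--; }
}

struct ctx_model {
    char *source;   /* owned copy of the source option, like ctx->source */
};

/* Before the fix: each parse overwrites ctx->source; the old copy is lost. */
static int parse_source_leaky(struct ctx_model *ctx, const char *value) {
    ctx->source = dup_string(value);
    return ctx->source ? 0 : -1;
}

/* After the fix: release the previous copy, then store the new one. */
static int parse_source_fixed(struct ctx_model *ctx, const char *value) {
    free_string(ctx->source);
    ctx->source = NULL;
    ctx->source = dup_string(value);
    return ctx->source ? 0 : -1;
}

/* Simulate a program that supplies the source option twice and then exits;
 * teardown frees whatever ctx->source currently points to. Returns how many
 * strings are still live afterwards: 0 means nothing leaked. */
static int live_after_double_parse(int (*parse)(struct ctx_model *, const char *)) {
    struct ctx_model ctx = { .source = NULL };
    int start = live_strings;
    parse(&ctx, "//server/share");    /* constructed sample values */
    parse(&ctx, "//server/other");
    free_string(ctx.source);          /* what the context free path does */
    ctx.source = NULL;
    return live_strings - start;
}

int main(void) {
    printf("leaky: %d string(s) leaked\n", live_after_double_parse(parse_source_leaky));
    printf("fixed: %d string(s) leaked\n", live_after_double_parse(parse_source_fixed));
    return 0;
}
```

The same discipline applies to any option whose parser stores an owned pointer: either free the previous value before storing a new one, or reject a repeated option outright, so that the teardown path can assume exactly one live allocation per field.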