RE: [PATCH v2] wifi: rtw89: debug: Fix memory leak in __print_txpwr_map()

From: Zong-Zhe Yang

Date: Mon Jan 19 2026 - 22:27:58 EST

Zilin Guan <zilin@xxxxxxxxxx> wrote:
>
> In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
> If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
> without freeing bufp, leading to a memory leak.
>
> Since the validation of max_valid_addr does not depend on the allocated
> memory, fix this by moving the vzalloc() call after the check.
>
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
>
> Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
> Suggested-by: Zong-Zhe Yang <kevin_yang@xxxxxxxxxxx>
> Signed-off-by: Zilin Guan <zilin@xxxxxxxxxx>
> ---
> Changes in v2:
> - Move memory allocation after validation check to avoid leak.
>
> drivers/net/wireless/realtek/rtw89/debug.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw89/debug.c
> b/drivers/net/wireless/realtek/rtw89/debug.c
> index 1264c2f82600..987eef8170f2 100644
> --- a/drivers/net/wireless/realtek/rtw89/debug.c
> +++ b/drivers/net/wireless/realtek/rtw89/debug.c
> @@ -825,10 +825,6 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> *buf, size_t buf
> s8 *bufp, tmp;
> int ret;
>
> - bufp = vzalloc(map->addr_to - map->addr_from + 4);
> - if (!bufp)
> - return -ENOMEM;
> -
> if (path_num == 1)
> max_valid_addr = map->addr_to_1ss;
> else
> @@ -837,6 +833,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> *buf, size_t buf
> if (max_valid_addr == 0)
> return -EOPNOTSUPP;
>
> + bufp = vzalloc(map->addr_to - map->addr_from + 4);
> + if (!bufp)
> + return -ENOMEM;
> +
> for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
> ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
> if (ret)
> --
> 2.34.1

Looks good to me.
Thanks.