Re: [PATCH 1/1] video, sm501: Fix buffer errors in OF binding code

[Helge Deller]

On 6/8/26 14:42, David Laight wrote:
> The code that gets the frame buffer mode from OF has 'use after free',
> 'buffer overrun' and memory leaks.
>
> info->edid_data isn't free if the probe functions fail or if
> pd->def_mode is set.
>
> If both the CRT and PANEL are enabled info->edid_data is used after
> being freed and is freed twice.
>
> The string returned by of_get_property(np, "mode", &len) is just
> written over either the static "640x480-16@60" or the module parameter
> string without any regard for the length (which is most likely longer).
>
> Use kstrump() for the OF mode and free everything before freeing 'info.
>
> Fixes: 4295f9bf74a88 ("video, sm501: add OF binding to support SM501")
> Signed-off-by: David Laight <david.laight.linux@xxxxxxxxx>
> ---
>   drivers/video/fbdev/sm501fb.c | 16 ++++++++++++----
>   1 file changed, 12 insertions(+), 4 deletions(-)

applied.

Thanks!
Helge