* [PATCH] fbcon: Fix memleak when fbcon_set_font() fails
@ 2022-12-05  8:49 ` Chen Zhongjin
  0 siblings, 0 replies; 2+ messages in thread
From: Chen Zhongjin @ 2022-12-05  8:49 UTC (permalink / raw)
  To: linux-fbdev, dri-devel, stable, linux-kernel
  Cc: syzbot+25bdb7b1703639abd498, geert+renesas, chenzhongjin, deller,
	tzimmermann, sam

syzkaller reported a memleak:
https://syzkaller.appspot.com/bug?id=7cc8bce62e201c60e36ef0133dab7f6b8afbc626

BUG: memory leak
unreferenced object 0xffff888111648000 (size 18448):
  backtrace:
    [<ffffffff8250c359>] kmalloc
    [<ffffffff8250c359>] fbcon_set_font+0x1a9/0x470
    [<ffffffff8262cd59>] con_font_set
    [<ffffffff8262cd59>] con_font_op+0x3a9/0x600
    ...

It's because when fbcon_do_set_font() fails in fbcon_set_font(), it
returns the error directly and doesn't free the allocated memory 'new_data'.

Reported-by: syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
---
 drivers/video/fbdev/core/fbcon.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index c0143d38df83..edb01d200b5b 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -2480,7 +2480,7 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font,
 	int w = font->width;
 	int h = font->height;
 	int size;
-	int i, csum;
+	int i, csum, ret;
 	u8 *new_data, *data = font->data;
 	int pitch = PITCH(font->width);
 
@@ -2539,7 +2539,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font,
 			break;
 		}
 	}
-	return fbcon_do_set_font(vc, font->width, font->height, charcount, new_data, 1);
+
+	ret = fbcon_do_set_font(vc, font->width, font->height, charcount, new_data, 1);
+	if (ret && i > last_fb_vc)
+		kfree(new_data - FONT_EXTRA_WORDS * sizeof(int));
+	return ret;
 }
 
 static int fbcon_set_def_font(struct vc_data *vc, struct console_font *font, char *name)
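
Review bot: the `i > last_fb_vc` test on the new kfree() reuses the loop counter left behind by the loop that closes just above as an implicit ownership flag, which is easy to break in a later edit. The intent appears to be "free only if the loop finished without taking the `break`", so an explicit local set at the `break`, or at least a comment on the `if (ret && i > last_fb_vc)` line, would make that visible. Please also state in the changelog that fbcon_do_set_font() never keeps a reference to new_data on any of its failing paths, because if it does, this free turns the leak into a use-after-free or double free. The base-pointer arithmetic `new_data - FONT_EXTRA_WORDS * sizeof(int)` has to mirror the offset applied at allocation time; a short comment tying the two together would help whoever touches either side next.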
-- 
2.17.1

