From: Kieran Bingham <kieran.bingham@ideasonboard.com>
To: Ameer Hamza <amhamza.mgc@gmail.com>,
agross@kernel.org, bjorn.andersson@linaro.org,
mchehab@kernel.org, stanimir.varbanov@linaro.org
Cc: linux-media@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-kernel@vger.kernel.org, amhamza.mgc@gmail.com
Subject: Re: [PATCH] media: venus: vdec: fixed possible memory leak issue
Date: Sat, 04 Dec 2021 20:29:38 +0000 [thread overview]
Message-ID: <163864977875.3153335.18099399866051099554@Monstersaurus> (raw)
In-Reply-To: <20211204121123.22180-1-amhamza.mgc@gmail.com>
Hi Ameer,
Quoting Ameer Hamza (2021-12-04 12:11:23)
> Fixed coverity warning by freeing the allocated memory before return
>
> Addresses-Coverity: 1494120 ("Resource leak")
>
> Signed-off-by: Ameer Hamza <amhamza.mgc@gmail.com>
> ---
> drivers/media/platform/qcom/venus/helpers.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/media/platform/qcom/venus/helpers.c b/drivers/media/platform/qcom/venus/helpers.c
> index 84c3a511ec31..344a42853898 100644
> --- a/drivers/media/platform/qcom/venus/helpers.c
> +++ b/drivers/media/platform/qcom/venus/helpers.c
> @@ -197,6 +197,7 @@ int venus_helper_alloc_dpb_bufs(struct venus_inst *inst)
>
> id = ida_alloc_min(&inst->dpb_ids, VB2_MAX_FRAME, GFP_KERNEL);
> if (id < 0) {
> + kfree(buf);
> ret = id;
> goto fail;
Indeed, this is definitely a leak here.
Normally I think resources would be cleaned up in the fail path in a
situation like this.
That would then make sure that all paths out of this loop will free on
error.
If buf is null, kfree(null) is a valid noop call, so it will not
adversely affect the kzalloc() fail path.
Given that, I would suspect that a cleaner fix is to move the kfree()
from after " if (!buf->va) { " to immediately after the fail label so
that both dma_alloc_attrs() and ida_alloc_min() failures are cleaned up
in the same way by the same error path.
That way, if anyone later adds another operation in this loop, it won't
get missed and will also clean up correctly.
Regards
--
Kieran
> }
> --
> 2.25.1
>
next prev parent reply other threads:[~2021-12-04 20:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-04 12:11 [PATCH] media: venus: vdec: fixed possible memory leak issue Ameer Hamza
2021-12-04 20:29 ` Kieran Bingham [this message]
2021-12-04 20:55 ` [PATCH v2] " Ameer Hamza
2021-12-06 9:55 ` Kieran Bingham
2021-12-06 10:11 ` Kieran Bingham
2021-12-06 10:43 ` [PATCH v3] " Ameer Hamza
2021-12-06 11:32 ` Kieran Bingham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=163864977875.3153335.18099399866051099554@Monstersaurus \
--to=kieran.bingham@ideasonboard.com \
--cc=agross@kernel.org \
--cc=amhamza.mgc@gmail.com \
--cc=bjorn.andersson@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=stanimir.varbanov@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).