From: Evgeny Novikov <novikov@ispras.ru>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Evgeny Novikov <novikov@ispras.ru>,
Jani Nikula <jani.nikula@intel.com>,
Mike Rapoport <rppt@linux.ibm.com>,
Daniel Vetter <daniel.vetter@ffwll.ch>,
Andrew Morton <akpm@linux-foundation.org>,
dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org,
linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor()
Date: Tue, 30 Jun 2020 22:54:51 +0300 [thread overview]
Message-ID: <20200630195451.18675-1-novikov@ispras.ru> (raw)
neofb_probe() calls neo_scan_monitor() that can successfully allocate a
memory for info->monspecs.modedb and proceed to case 0x03. There it does
not free the memory and returns -1. neofb_probe() goes to label
err_scan_monitor, thus, it does not free this memory through calling
fb_destroy_modedb() as well. We can not go to label err_init_hw since
neo_scan_monitor() can fail during memory allocation. So, the patch frees
the memory directly for case 0x03.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
---
drivers/video/fbdev/neofb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c
index f5a676bfd67a..09a20d4ab35f 100644
--- a/drivers/video/fbdev/neofb.c
+++ b/drivers/video/fbdev/neofb.c
@@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info)
#else
printk(KERN_ERR
"neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
+ kfree(info->monspecs.modedb);
return -1;
#endif
default:
--
2.16.4
WARNING: multiple messages have this Message-ID (diff)
From: Evgeny Novikov <novikov@ispras.ru>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: ldv-project@linuxtesting.org, linux-fbdev@vger.kernel.org,
Evgeny Novikov <novikov@ispras.ru>,
Daniel Vetter <daniel.vetter@ffwll.ch>,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
Mike Rapoport <rppt@linux.ibm.com>,
Jani Nikula <jani.nikula@intel.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor()
Date: Tue, 30 Jun 2020 19:54:51 +0000 [thread overview]
Message-ID: <20200630195451.18675-1-novikov@ispras.ru> (raw)
neofb_probe() calls neo_scan_monitor() that can successfully allocate a
memory for info->monspecs.modedb and proceed to case 0x03. There it does
not free the memory and returns -1. neofb_probe() goes to label
err_scan_monitor, thus, it does not free this memory through calling
fb_destroy_modedb() as well. We can not go to label err_init_hw since
neo_scan_monitor() can fail during memory allocation. So, the patch frees
the memory directly for case 0x03.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
---
drivers/video/fbdev/neofb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c
index f5a676bfd67a..09a20d4ab35f 100644
--- a/drivers/video/fbdev/neofb.c
+++ b/drivers/video/fbdev/neofb.c
@@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info)
#else
printk(KERN_ERR
"neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
+ kfree(info->monspecs.modedb);
return -1;
#endif
default:
--
2.16.4
WARNING: multiple messages have this Message-ID (diff)
From: Evgeny Novikov <novikov@ispras.ru>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: ldv-project@linuxtesting.org, linux-fbdev@vger.kernel.org,
Evgeny Novikov <novikov@ispras.ru>,
Daniel Vetter <daniel.vetter@ffwll.ch>,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
Mike Rapoport <rppt@linux.ibm.com>,
Jani Nikula <jani.nikula@intel.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor()
Date: Tue, 30 Jun 2020 22:54:51 +0300 [thread overview]
Message-ID: <20200630195451.18675-1-novikov@ispras.ru> (raw)
neofb_probe() calls neo_scan_monitor() that can successfully allocate a
memory for info->monspecs.modedb and proceed to case 0x03. There it does
not free the memory and returns -1. neofb_probe() goes to label
err_scan_monitor, thus, it does not free this memory through calling
fb_destroy_modedb() as well. We can not go to label err_init_hw since
neo_scan_monitor() can fail during memory allocation. So, the patch frees
the memory directly for case 0x03.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
---
drivers/video/fbdev/neofb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/neofb.c b/drivers/video/fbdev/neofb.c
index f5a676bfd67a..09a20d4ab35f 100644
--- a/drivers/video/fbdev/neofb.c
+++ b/drivers/video/fbdev/neofb.c
@@ -1819,6 +1819,7 @@ static int neo_scan_monitor(struct fb_info *info)
#else
printk(KERN_ERR
"neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
+ kfree(info->monspecs.modedb);
return -1;
#endif
default:
--
2.16.4
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next reply other threads:[~2020-06-30 19:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20200630195458eucas1p2fc508a96f648c8af44d5ed5ff906a103@eucas1p2.samsung.com>
2020-06-30 19:54 ` Evgeny Novikov [this message]
2020-06-30 19:54 ` [PATCH] video: fbdev: neofb: fix memory leak in neo_scan_monitor() Evgeny Novikov
2020-06-30 19:54 ` Evgeny Novikov
2020-07-10 14:23 ` Bartlomiej Zolnierkiewicz
2020-07-10 14:23 ` Bartlomiej Zolnierkiewicz
2020-07-10 14:23 ` Bartlomiej Zolnierkiewicz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200630195451.18675-1-novikov@ispras.ru \
--to=novikov@ispras.ru \
--cc=akpm@linux-foundation.org \
--cc=b.zolnierkie@samsung.com \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=jani.nikula@intel.com \
--cc=ldv-project@linuxtesting.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rppt@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.