| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1565934837-6471-1-git-send-email-wenwen@cs.uga.edu>
Date: Fri, 16 Aug 2019 00:53:57 -0500
From: Wenwen Wang <wenwen@...uga.edu>
To: Wenwen Wang <wenwen@...uga.edu>
Cc: Sumit Semwal <sumit.semwal@...aro.org>,
Gustavo Padovan <gustavo@...ovan.org>,
linux-media@...r.kernel.org (open list:SYNC FILE FRAMEWORK),
dri-devel@...ts.freedesktop.org (open list:SYNC FILE FRAMEWORK),
linaro-mm-sig@...ts.linaro.org (moderated list:DMA BUFFER SHARING
FRAMEWORK), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] dma-buf: fix a memory leak bug
In sync_file_merge(), 'fences' is firstly allocated through kcalloc().
Later on, if the size is not sufficient, krealloc() is invoked to
reallocate 'nfences', which is assigned to 'fences'. However, if krealloc()
fails, 'fences' is not deallocated, leading to a memory leak bug.
To fix the above issue, free 'fences' before go to the 'err' label.
Signed-off-by: Wenwen Wang <wenwen@...uga.edu>
---
drivers/dma-buf/sync_file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/dma-buf/sync_file.c b/drivers/dma-buf/sync_file.c
index ee4d1a9..6e2b2d3 100644
--- a/drivers/dma-buf/sync_file.c
+++ b/drivers/dma-buf/sync_file.c
@@ -272,8 +272,10 @@ static struct sync_file *sync_file_merge(const char *name, struct sync_file *a,
if (num_fences > i) {
nfences = krealloc(fences, i * sizeof(*fences),
GFP_KERNEL);
- if (!nfences)
+ if (!nfences) {
+ kfree(fences);
goto err;
+ }
fences = nfences;
}
--
2.7.4
Powered by blists - more mailing lists