| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1566019668-4152-1-git-send-email-wenwen@cs.uga.edu>
Date: Sat, 17 Aug 2019 00:27:46 -0500
From: Wenwen Wang <wenwen@...uga.edu>
To: Wenwen Wang <wenwen@...uga.edu>
Cc: Mauro Carvalho Chehab <mchehab@...nel.org>,
Hans Verkuil <hverkuil-cisco@...all.nl>,
Sakari Ailus <sakari.ailus@...ux.intel.com>,
Kate Stewart <kstewart@...uxfoundation.org>,
Allison Randal <allison@...utok.net>,
Thomas Gleixner <tglx@...utronix.de>,
Oliver Neukum <oneukum@...e.com>,
linux-media@...r.kernel.org (open list:MEDIA INPUT INFRASTRUCTURE
(V4L/DVB)), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] media: cpia2_usb: fix memory leaks
In submit_urbs(), 'cam->sbuf[i].data' is allocated through kmalloc_array().
However, it is not deallocated if the following allocation for urbs fails.
To fix this issue, free 'cam->sbuf[i].data' if usb_alloc_urb() fails.
Signed-off-by: Wenwen Wang <wenwen@...uga.edu>
---
drivers/media/usb/cpia2/cpia2_usb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/usb/cpia2/cpia2_usb.c b/drivers/media/usb/cpia2/cpia2_usb.c
index 17468f7..3ab80a7 100644
--- a/drivers/media/usb/cpia2/cpia2_usb.c
+++ b/drivers/media/usb/cpia2/cpia2_usb.c
@@ -676,6 +676,10 @@ static int submit_urbs(struct camera_data *cam)
if (!urb) {
for (j = 0; j < i; j++)
usb_free_urb(cam->sbuf[j].urb);
+ for (j = 0; j < NUM_SBUF; j++) {
+ kfree(cam->sbuf[j].data);
+ cam->sbuf[j].data = NULL;
+ }
return -ENOMEM;
}
--
2.7.4
Powered by blists - more mailing lists