lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <440f562a5e3f56b5954f9bf3b9c155b3e173ae66.camel@gmail.com>
Date:   Mon, 22 Mar 2021 20:13:24 +0500
From:   Muhammad Usama Anjum <musamaanjum@...il.com>
To:     linux-kernel@...r.kernel.org,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        dvyukov@...gle.com
Cc:     syzkaller-bugs@...glegroups.com, musamaanjum@...il.com
Subject: Re: [PATCH] media: em28xx: fix memory leak

On Mon, 2021-03-22 at 19:54 +0500, Muhammad Usama Anjum wrote:
> If some error occurs, URB buffers should also be freed. If they aren't
> freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
> buffers as dvb is set to NULL. The function in which error occurs should
> do all the cleanup for the allocations it had done.
> 
> Tested the patch with the reproducer provided by syzbot. This patch
> fixes the memleak.
> 
> Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
> Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
> ---
>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> index 526424279637..471bd74667e3 100644
> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>  	return result;
>  
>  out_free:
> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>  	kfree(dvb);
>  	dev->dvb = NULL;
>  	goto ret;
I should have replied to email originated by the syzbot. Anyhow here are some
details from that email:

syzbot found the following issue on:

HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com

Thanks,
Usama

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ