lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <675efa79414d2d8cb3696d3ca3a0c3be99bd92fa.camel@gmail.com>
Date:   Wed, 31 Mar 2021 13:22:01 +0500
From:   Muhammad Usama Anjum <musamaanjum@...il.com>
To:     hverkuil-cisco@...all.nl
Cc:     syzkaller-bugs@...glegroups.com, dvyukov@...gle.com,
        linux-kernel@...r.kernel.org,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        "open list:EM28XX VIDEO4LINUX DRIVER" <linux-media@...r.kernel.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak

On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> If some error occurs, URB buffers should also be freed. If they aren't
> freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
> buffers as dvb is set to NULL. The function in which error occurs should
> do all the cleanup for the allocations it had done.
> 
> Tested the patch with the reproducer provided by syzbot. This patch
> fixes the memleak.
> 
> Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
> Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
> ---
> Resending the same path as some email addresses were missing from the
> earlier email.
> 
> syzbot found the following issue on:
> 
> HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> 
>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> index 526424279637..471bd74667e3 100644
> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>  	return result;
>  
>  out_free:
> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>  	kfree(dvb);
>  	dev->dvb = NULL;
>  	goto ret;

I'd received the following notice and waiting for the review:
On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
> Hello,
> 
> The following patch (submitted by you) has been updated in Patchwork:
> 
>  * linux-media: media: em28xx: fix memory leak
>      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
>      - for: Linux Media kernel patches
>     was: New
>     now: Under Review
> 
> This email is a notification only - you do not need to respond.
> 
> Happy patchworking.
> 

Thanks,
Usama


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ