| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <fd632c9a289eb28ded37b573e999a8f4e7402ca3.1624217907.git.paskripkin@gmail.com>
Date: Sun, 20 Jun 2021 22:45:02 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: hverkuil-cisco@...all.nl, mchehab@...nel.org, oneukum@...e.com,
gregkh@...e.de
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
Pavel Skripkin <paskripkin@...il.com>
Subject: [PATCH 1/2] media: go7007: fix memory leak in go7007_usb_probe
In commit 137641287eb4 ("go7007: add sanity checking for endpoints")
endpoint sanity check was introduced, but if check fails it simply
returns with leaked pointers.
Cutted log from my local syzbot instance:
BUG: memory leak
unreferenced object 0xffff8880209f0000 (size 8192):
comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s)
hex dump (first 32 bytes):
30 b0 27 22 80 88 ff ff 75 73 62 2d 64 75 6d 6d 0.'"....usb-dumm
79 5f 68 63 64 2e 33 2d 31 00 00 00 00 00 00 00 y_hcd.3-1.......
backtrace:
[<ffffffff860ca856>] kmalloc include/linux/slab.h:556 [inline]
[<ffffffff860ca856>] kzalloc include/linux/slab.h:686 [inline]
[<ffffffff860ca856>] go7007_alloc+0x46/0xb40 drivers/media/usb/go7007/go7007-driver.c:696
[<ffffffff860de74e>] go7007_usb_probe+0x13e/0x2200 drivers/media/usb/go7007/go7007-usb.c:1114
[<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396
[<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576
BUG: memory leak
unreferenced object 0xffff88801e2f2800 (size 512):
comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s)
hex dump (first 32 bytes):
00 87 40 8a ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff860de794>] kmalloc include/linux/slab.h:556 [inline]
[<ffffffff860de794>] kzalloc include/linux/slab.h:686 [inline]
[<ffffffff860de794>] go7007_usb_probe+0x184/0x2200 drivers/media/usb/go7007/go7007-usb.c:1118
[<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396
[<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576
Fixes: 137641287eb4 ("go7007: add sanity checking for endpoints")
Signed-off-by: Pavel Skripkin <paskripkin@...il.com>
---
drivers/media/usb/go7007/go7007-usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/go7007/go7007-usb.c b/drivers/media/usb/go7007/go7007-usb.c
index dbf0455d5d50..eeb85981e02b 100644
--- a/drivers/media/usb/go7007/go7007-usb.c
+++ b/drivers/media/usb/go7007/go7007-usb.c
@@ -1134,7 +1134,7 @@ static int go7007_usb_probe(struct usb_interface *intf,
ep = usb->usbdev->ep_in[4];
if (!ep)
- return -ENODEV;
+ goto allocfail;
/* Allocate the URB and buffer for receiving incoming interrupts */
usb->intr_urb = usb_alloc_urb(0, GFP_KERNEL);
--
2.32.0
Powered by blists - more mailing lists