lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <911af8f1-d654-b4e1-1aac-c8a7ff94f6da@xs4all.nl>
Date:   Thu, 2 Sep 2021 12:49:37 +0200
From:   Hans Verkuil <hverkuil@...all.nl>
To:     Dongliang Mu <mudongliangabcd@...il.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>
Cc:     linux-media@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] media: usb: fix memory leak in stk_camera_probe

Hi Dongliang,

On 02/09/2021 12:23, Dongliang Mu wrote:
> On Fri, Jul 23, 2021 at 6:11 PM Dongliang Mu <mudongliangabcd@...il.com> wrote:
>>
>> On Wed, Jul 14, 2021 at 11:23 AM Dongliang Mu <mudongliangabcd@...il.com> wrote:
>>>
>>> stk_camera_probe mistakenly execute usb_get_intf and increase the
>>> refcount of interface->dev.
>>>
>>> Fix this by removing the execution of usb_get_intf.
>>
>> Any idea about this patch?
> 
> +cc Dan Carpenter, gregkh
> 
> There is no reply in this thread in one month. Can someone give some
> feedback on this patch?

I saw that it was marked as Obsoleted in patchwork, but I might have confused
this patch with similar, but not identical, patches for this driver.

I've moved the state back to New.

Comments follow below:

> 
>>
>>>
>>> Reported-by: Dongliang Mu <mudongliangabcd@...il.com>
>>> Fixes: 0aa77f6c2954 ("[media] move the remaining USB drivers to drivers/media/usb")
>>> Signed-off-by: Dongliang Mu <mudongliangabcd@...il.com>
>>> ---
>>>  drivers/media/usb/stkwebcam/stk-webcam.c | 1 -
>>>  1 file changed, 1 deletion(-)
>>>
>>> diff --git a/drivers/media/usb/stkwebcam/stk-webcam.c b/drivers/media/usb/stkwebcam/stk-webcam.c
>>> index a45d464427c4..5bd8e85b9452 100644
>>> --- a/drivers/media/usb/stkwebcam/stk-webcam.c
>>> +++ b/drivers/media/usb/stkwebcam/stk-webcam.c
>>> @@ -1311,7 +1311,6 @@ static int stk_camera_probe(struct usb_interface *interface,
>>>
>>>         dev->udev = udev;
>>>         dev->interface = interface;
>>> -       usb_get_intf(interface);

Even though this increments the refcount (which might well be unnecessary),
it is also decremented with usb_put_intf. So is there actually a bug here?

And if this is changed, then I expect that both get_intf and put_intf should be
removed, and not just the get.

Regards,

	Hans

>>>
>>>         if (hflip != -1)
>>>                 dev->vsettings.hflip = hflip;
>>> --
>>> 2.25.1
>>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ