[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20211015095855.3621089-1-yangyingliang@huawei.com>
Date: Fri, 15 Oct 2021 17:58:55 +0800
From: Yang Yingliang <yangyingliang@...wei.com>
To: <linux-kernel@...r.kernel.org>, <linux-media@...r.kernel.org>
CC: <mchehab@...nel.org>, <hverkuil@...all.nl>
Subject: [PATCH] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
n the 'radio->hdl.error' error handling, ctrl handler allocated by
v4l2_ctrl_new_std() does not released, and caused memory leak as
follows:
unreferenced object 0xffff888033d54200 (size 256):
comm "i2c-si470x-19", pid 909, jiffies 4294914203 (age 8.072s)
hex dump (first 32 bytes):
e8 69 11 03 80 88 ff ff 00 46 d5 33 80 88 ff ff .i.......F.3....
10 42 d5 33 80 88 ff ff 10 42 d5 33 80 88 ff ff .B.3.....B.3....
backtrace:
[<00000000086bd4ed>] __kmalloc_node+0x1eb/0x360
[<00000000bdb68871>] kvmalloc_node+0x66/0x120
[<00000000fac74e4c>] v4l2_ctrl_new+0x7b9/0x1c60 [videodev]
[<00000000693bf940>] v4l2_ctrl_new_std+0x19b/0x270 [videodev]
[<00000000c0cb91bc>] si470x_i2c_probe+0x2d3/0x9a0 [radio_si470x_i2c]
[<0000000056a6f01f>] i2c_device_probe+0x4d8/0xbe0
Fix the error handling path to avoid memory leak.
Reported-by: Hulk Robot <hulkci@...wei.com>
Fixes: 8c081b6f9a9b ("media: radio: Critical v4l2 registration...")
Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
---
drivers/media/radio/si470x/radio-si470x-i2c.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c
index f491420d7b53..eb1b777245ee 100644
--- a/drivers/media/radio/si470x/radio-si470x-i2c.c
+++ b/drivers/media/radio/si470x/radio-si470x-i2c.c
@@ -368,7 +368,7 @@ static int si470x_i2c_probe(struct i2c_client *client)
if (radio->hdl.error) {
retval = radio->hdl.error;
dev_err(&client->dev, "couldn't register control\n");
- goto err_dev;
+ goto err_all;
}
/* video device initialization */
@@ -463,7 +463,6 @@ static int si470x_i2c_probe(struct i2c_client *client)
return 0;
err_all:
v4l2_ctrl_handler_free(&radio->hdl);
-err_dev:
v4l2_device_unregister(&radio->v4l2_dev);
err_initial:
return retval;
--
2.25.1
Powered by blists - more mailing lists