lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YtG7sRuSIeZNhzNK@pendragon.ideasonboard.com>
Date:   Fri, 15 Jul 2022 22:10:41 +0300
From:   Laurent Pinchart <laurent.pinchart@...asonboard.com>
To:     José Expósito <jose.exposito89@...il.com>
Cc:     mchehab@...nel.org, linux-media@...r.kernel.org,
        linux-kernel@...r.kernel.org, ribalda@...omium.org
Subject: Re: [PATCH RESEND v2] media: uvcvideo: Fix memory leak in
 uvc_gpio_parse

Hi José,

Thank you for the patch.

On Sat, Jan 08, 2022 at 06:04:39PM +0100, José Expósito wrote:

I can't believe I've managed to ignore this patch for so long :-( Sorry.

> Previously the unit buffer was allocated before checking the IRQ for
> privacy GPIO.
> In case of error, the unit buffer was leaked.
> 
> Allocate the unit buffer after the IRQ to avoid it.
> 
> Addresses-Coverity-ID: 1474639 ("Resource leak")
> Fixes: 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT")
> Signed-off-by: José Expósito <jose.exposito89@...il.com>
> Reviewed-by: Ricardo Ribalda <ribalda@...omium.org>

Reviewed-by: Laurent Pinchart <laurent.pinchart@...asonboard.com>

> ---
> 
> v2: Add Fixes and Reviewed-by tags
> ---
>  drivers/media/usb/uvc/uvc_driver.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
> index 7c007426e082..9e83e2002710 100644
> --- a/drivers/media/usb/uvc/uvc_driver.c
> +++ b/drivers/media/usb/uvc/uvc_driver.c
> @@ -1533,10 +1533,6 @@ static int uvc_gpio_parse(struct uvc_device *dev)
>  	if (IS_ERR_OR_NULL(gpio_privacy))
>  		return PTR_ERR_OR_ZERO(gpio_privacy);
>  
> -	unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1);
> -	if (!unit)
> -		return -ENOMEM;
> -
>  	irq = gpiod_to_irq(gpio_privacy);
>  	if (irq < 0) {
>  		if (irq != EPROBE_DEFER)
> @@ -1545,6 +1541,10 @@ static int uvc_gpio_parse(struct uvc_device *dev)
>  		return irq;
>  	}
>  
> +	unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1);
> +	if (!unit)
> +		return -ENOMEM;
> +
>  	unit->gpio.gpio_privacy = gpio_privacy;
>  	unit->gpio.irq = irq;
>  	unit->gpio.bControlSize = 1;

-- 
Regards,

Laurent Pinchart

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ