lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aPiwBG0Iusmy3jeZ@valkosipuli.retiisi.eu>
Date: Wed, 22 Oct 2025 13:20:52 +0300
From: Sakari Ailus <sakari.ailus@....fi>
To: Biancaa Ramesh <biancaa2210329@....edu.in>
Cc: linux-kernel@...r.kernel.org, awalls@...metrocast.net,
	mchehab@...nel.org, linux-media@...r.kernel.org
Subject: Re: [PATCH] kernel memory safety check in a block

Hi Biancaa,

On Wed, Oct 22, 2025 at 01:47:04AM +0530, Biancaa Ramesh wrote:
> Signed-off-by: Biancaa Ramesh <biancaa2210329@....edu.in>
> [PATCH] media: cx18: fix potential double free in cx18_stream_alloc
> 
> The function cx18_stream_alloc() may free buf->buf and buf multiple times
> if dma_mapping_error() occurs. This patch:
> 
> - Adds checks before kfree() to avoid double free
> - Sets pointers to NULL after free to make accidental double free less likely
> - Improves overall memory safety and robustness in error paths
> ---
>  drivers/media/pci/cx18/cx18-queue.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/pci/cx18/cx18-queue.c b/drivers/media/pci/cx18/cx18-queue.c
> index eeb5513b1d52..025ba4e6e4be 100644
> --- a/drivers/media/pci/cx18/cx18-queue.c
> +++ b/drivers/media/pci/cx18/cx18-queue.c
> @@ -383,9 +383,16 @@ int cx18_stream_alloc(struct cx18_stream *s)
>  						 buf->buf, s->buf_size,
>  						 s->dma);
>  		if (dma_mapping_error(&s->cx->pci_dev->dev, buf->dma_handle)) {
> -			kfree(buf->buf);
> +			if (buf) {
> +        		if (buf->buf){
> +            	kfree(buf->buf);
> +				buf->buf =NULL;
> +				}
> +        		kfree(buf);
> +				buf=NULL;
> +    		}
>  			kfree(mdl);
> -			kfree(buf);
> +			//makes accidental double free less possible
>  			break;
>  		}
>  

Please read Documentation/process/submitting-patches.rst before submitting
further patches.

-- 
Kind regards,

Sakari Ailus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ