| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251105100439.2780370-1-k.yankevich@omp.ru>
Date: Wed, 5 Nov 2025 13:04:39 +0300
From: Karina Yankevich <k.yankevich@....ru>
To: Sandy Huang <hjc@...k-chips.com>
CC: Karina Yankevich <k.yankevich@....ru>, Heiko Stübner
<heiko@...ech.de>, Andy Yan <andy.yan@...k-chips.com>,
<linux-rockchip@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
<lvc-project@...uxtesting.org>, Sergey Shtylyov <s.shtylyov@....ru>
Subject: [PATCH] drm/rockchip: gem: Fix memory leak when drm object init failed
If drm_gem_object_init() call in rockchip_gem_alloc_object() fails
then rk_obj isn't freed. Fix this by checking drm_gem_object_init()'s
result.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 6fd0bfe2f7ea ("drm/rockchip: support prime import sg table")
Signed-off-by: Karina Yankevich <k.yankevich@....ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@....ru>
---
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
index 6330b883efc3..ad888f9379db 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c
@@ -284,6 +284,7 @@ static struct rockchip_gem_object *
{
struct rockchip_gem_object *rk_obj;
struct drm_gem_object *obj;
+ int ret;
size = round_up(size, PAGE_SIZE);
@@ -295,7 +296,12 @@ static struct rockchip_gem_object *
obj->funcs = &rockchip_gem_object_funcs;
- drm_gem_object_init(drm, obj, size);
+ ret = drm_gem_object_init(drm, obj, size);
+ if (ret) {
+ DRM_ERROR("failed to initialize gem object: %d\n", ret);
+ kfree(rk_obj);
+ return ERR_PTR(ret);
+ }
return rk_obj;
}
--
2.34.1
Powered by blists - more mailing lists