| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260116074836.1199951-1-zilin@seu.edu.cn>
Date: Fri, 16 Jan 2026 07:48:36 +0000
From: Zilin Guan <zilin@....edu.cn>
To: pkshih@...ltek.com
Cc: jianhao.xu@....edu.cn,
linux-wireless@...r.kernel.org,
linux-kernel@...r.kernel.org,
Zilin Guan <zilin@....edu.cn>
Subject: [PATCH] wifi: rtw89: debug: Fix memory leak in __print_txpwr_map()
In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
without freeing bufp, leading to a memory leak.
Fix this by freeing the temporary buffer bufp in the error path.
Compile tested only. Issue found using a prototype static analysis tool
and code review.
Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
drivers/net/wireless/realtek/rtw89/debug.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw89/debug.c b/drivers/net/wireless/realtek/rtw89/debug.c
index 1264c2f82600..c7bd1d0212b6 100644
--- a/drivers/net/wireless/realtek/rtw89/debug.c
+++ b/drivers/net/wireless/realtek/rtw89/debug.c
@@ -834,8 +834,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char *buf, size_t buf
else
max_valid_addr = map->addr_to;
- if (max_valid_addr == 0)
+ if (max_valid_addr == 0) {
+ vfree(bufp);
return -EOPNOTSUPP;
+ }
for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
--
2.34.1
Powered by blists - more mailing lists