lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e8e7b26c37084c418e2d6778c77ca100@realtek.com>
Date: Tue, 20 Jan 2026 03:27:53 +0000
From: Zong-Zhe Yang <kevin_yang@...ltek.com>
To: Zilin Guan <zilin@....edu.cn>, Ping-Ke Shih <pkshih@...ltek.com>
CC: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "jianhao.xu@....edu.cn" <jianhao.xu@....edu.cn>
Subject: RE: [PATCH v2] wifi: rtw89: debug: Fix memory leak in
 __print_txpwr_map()

Zilin Guan <zilin@....edu.cn> wrote:
> 
> In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
> If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
> without freeing bufp, leading to a memory leak.
> 
> Since the validation of max_valid_addr does not depend on the allocated
> memory, fix this by moving the vzalloc() call after the check.
> 
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
> 
> Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
> Suggested-by: Zong-Zhe Yang <kevin_yang@...ltek.com>
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
> ---
> Changes in v2:
> - Move memory allocation after validation check to avoid leak.
> 
>  drivers/net/wireless/realtek/rtw89/debug.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/wireless/realtek/rtw89/debug.c
> b/drivers/net/wireless/realtek/rtw89/debug.c
> index 1264c2f82600..987eef8170f2 100644
> --- a/drivers/net/wireless/realtek/rtw89/debug.c
> +++ b/drivers/net/wireless/realtek/rtw89/debug.c
> @@ -825,10 +825,6 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> *buf, size_t buf
>         s8 *bufp, tmp;
>         int ret;
> 
> -       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> -       if (!bufp)
> -               return -ENOMEM;
> -
>         if (path_num == 1)
>                 max_valid_addr = map->addr_to_1ss;
>         else
> @@ -837,6 +833,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> *buf, size_t buf
>         if (max_valid_addr == 0)
>                 return -EOPNOTSUPP;
> 
> +       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> +       if (!bufp)
> +               return -ENOMEM;
> +
>         for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
>                 ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
>                 if (ret)
> --
> 2.34.1

Looks good to me.
Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ