lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1127a2bb3b86437e82cf4b46c1a73f44@realtek.com>
Date: Tue, 20 Jan 2026 03:31:02 +0000
From: Ping-Ke Shih <pkshih@...ltek.com>
To: Zong-Zhe Yang <kevin_yang@...ltek.com>, Zilin Guan <zilin@....edu.cn>
CC: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "jianhao.xu@....edu.cn" <jianhao.xu@....edu.cn>
Subject: RE: [PATCH v2] wifi: rtw89: debug: Fix memory leak in
 __print_txpwr_map()


Zong-Zhe Yang <kevin_yang@...ltek.com> wrote:
> Zilin Guan <zilin@....edu.cn> wrote:
> >
> > In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
> > If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
> > without freeing bufp, leading to a memory leak.
> >
> > Since the validation of max_valid_addr does not depend on the allocated
> > memory, fix this by moving the vzalloc() call after the check.
> >
> > Compile tested only. Issue found using a prototype static analysis tool
> > and code review.
> >
> > Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
> > Suggested-by: Zong-Zhe Yang <kevin_yang@...ltek.com>
> > Signed-off-by: Zilin Guan <zilin@....edu.cn>
> > ---
> > Changes in v2:
> > - Move memory allocation after validation check to avoid leak.
> >
> >  drivers/net/wireless/realtek/rtw89/debug.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/net/wireless/realtek/rtw89/debug.c
> > b/drivers/net/wireless/realtek/rtw89/debug.c
> > index 1264c2f82600..987eef8170f2 100644
> > --- a/drivers/net/wireless/realtek/rtw89/debug.c
> > +++ b/drivers/net/wireless/realtek/rtw89/debug.c
> > @@ -825,10 +825,6 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> > *buf, size_t buf
> >         s8 *bufp, tmp;
> >         int ret;
> >
> > -       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> > -       if (!bufp)
> > -               return -ENOMEM;
> > -
> >         if (path_num == 1)
> >                 max_valid_addr = map->addr_to_1ss;
> >         else
> > @@ -837,6 +833,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev, char
> > *buf, size_t buf
> >         if (max_valid_addr == 0)
> >                 return -EOPNOTSUPP;
> >
> > +       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> > +       if (!bufp)
> > +               return -ENOMEM;
> > +
> >         for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
> >                 ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
> >                 if (ret)
> > --
> > 2.34.1
> 
> Looks good to me.

I suppose I can add 
Reviewed-by: Zong-Zhe Yang <kevin_yang@...ltek.com>

Okay?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ