lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e0ddcb2d043c4006bc34a039f7469e04@realtek.com>
Date: Tue, 20 Jan 2026 03:39:01 +0000
From: Zong-Zhe Yang <kevin_yang@...ltek.com>
To: Ping-Ke Shih <pkshih@...ltek.com>, Zilin Guan <zilin@....edu.cn>
CC: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "jianhao.xu@....edu.cn" <jianhao.xu@....edu.cn>
Subject: RE: [PATCH v2] wifi: rtw89: debug: Fix memory leak in
 __print_txpwr_map()

Ping-Ke Shih <pkshih@...ltek.com> wrote:
> Zong-Zhe Yang <kevin_yang@...ltek.com> wrote:
> > Zilin Guan <zilin@....edu.cn> wrote:
> > >
> > > In __print_txpwr_map(), memory is allocated to bufp via vzalloc().
> > > If max_valid_addr is 0, the function returns -EOPNOTSUPP immediately
> > > without freeing bufp, leading to a memory leak.
> > >
> > > Since the validation of max_valid_addr does not depend on the allocated
> > > memory, fix this by moving the vzalloc() call after the check.
> > >
> > > Compile tested only. Issue found using a prototype static analysis tool
> > > and code review.
> > >
> > > Fixes: 036042e15770 ("wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips")
> > > Suggested-by: Zong-Zhe Yang <kevin_yang@...ltek.com>
> > > Signed-off-by: Zilin Guan <zilin@....edu.cn>
> > > ---
> > > Changes in v2:
> > > - Move memory allocation after validation check to avoid leak.
> > >
> > >  drivers/net/wireless/realtek/rtw89/debug.c | 8 ++++----
> > >  1 file changed, 4 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/drivers/net/wireless/realtek/rtw89/debug.c
> > > b/drivers/net/wireless/realtek/rtw89/debug.c
> > > index 1264c2f82600..987eef8170f2 100644
> > > --- a/drivers/net/wireless/realtek/rtw89/debug.c
> > > +++ b/drivers/net/wireless/realtek/rtw89/debug.c
> > > @@ -825,10 +825,6 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev,
> char
> > > *buf, size_t buf
> > >         s8 *bufp, tmp;
> > >         int ret;
> > >
> > > -       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> > > -       if (!bufp)
> > > -               return -ENOMEM;
> > > -
> > >         if (path_num == 1)
> > >                 max_valid_addr = map->addr_to_1ss;
> > >         else
> > > @@ -837,6 +833,10 @@ static ssize_t __print_txpwr_map(struct rtw89_dev *rtwdev,
> char
> > > *buf, size_t buf
> > >         if (max_valid_addr == 0)
> > >                 return -EOPNOTSUPP;
> > >
> > > +       bufp = vzalloc(map->addr_to - map->addr_from + 4);
> > > +       if (!bufp)
> > > +               return -ENOMEM;
> > > +
> > >         for (addr = map->addr_from; addr <= max_valid_addr; addr += 4) {
> > >                 ret = rtw89_mac_txpwr_read32(rtwdev, RTW89_PHY_0, addr, &val);
> > >                 if (ret)
> > > --
> > > 2.34.1
> >
> > Looks good to me.
> 
> I suppose I can add
> Reviewed-by: Zong-Zhe Yang <kevin_yang@...ltek.com>
> 
> Okay?

Okay, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ