|
Oliver Neukum |
2128de |
From 8dbdcc7269a83305ee9d677b75064d3530a48ee2 Mon Sep 17 00:00:00 2001
|
|
Oliver Neukum |
2128de |
From: Zhou Qingyang <zhou1615@umn.edu>
|
|
Oliver Neukum |
2128de |
Date: Tue, 30 Nov 2021 16:38:05 +0100
|
|
Oliver Neukum |
2128de |
Subject: [PATCH] media: dib8000: Fix a memleak in dib8000_init()
|
|
Oliver Neukum |
2128de |
Git-commit: 8dbdcc7269a83305ee9d677b75064d3530a48ee2
|
|
Oliver Neukum |
2128de |
References: git-fixes
|
|
Oliver Neukum |
2128de |
Patch-mainline: v5.17-rc1
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
In dib8000_init(), the variable fe is not freed or passed out on the
|
|
Oliver Neukum |
2128de |
failure of dib8000_identify(&state->i2c), which could lead to a memleak.
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
Fix this bug by adding a kfree of fe in the error path.
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
This bug was found by a static analyzer. The analysis employs
|
|
Oliver Neukum |
2128de |
differential checking to identify inconsistent security operations
|
|
Oliver Neukum |
2128de |
(e.g., checks or kfrees) between two code paths and confirms that the
|
|
Oliver Neukum |
2128de |
inconsistent operations are not recovered in the current function or
|
|
Oliver Neukum |
2128de |
the callers, so they constitute bugs.
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
Note that, as a bug found by static analysis, it can be a false
|
|
Oliver Neukum |
2128de |
positive or hard to trigger. Multiple researchers have cross-reviewed
|
|
Oliver Neukum |
2128de |
the bug.
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
Builds with CONFIG_DVB_DIB8000=m show no new warnings,
|
|
Oliver Neukum |
2128de |
and our static analyzer no longer warns about this code.
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
Fixes: 77e2c0f5d471 ("V4L/DVB (12900): DiB8000: added support for DiBcom ISDB-T/ISDB-Tsb demodulator DiB8000")
|
|
Oliver Neukum |
2128de |
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
|
|
Oliver Neukum |
2128de |
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
|
|
Oliver Neukum |
2128de |
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
|
|
Oliver Neukum |
2128de |
Signed-off-by: Oliver Neukum <oneukum@suse.com>
|
|
Oliver Neukum |
2128de |
---
|
|
Oliver Neukum |
2128de |
drivers/media/dvb-frontends/dib8000.c | 4 +++-
|
|
Oliver Neukum |
2128de |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c
|
|
Oliver Neukum |
2128de |
index bb02354a48b8..d67f2dd997d0 100644
|
|
Oliver Neukum |
2128de |
--- a/drivers/media/dvb-frontends/dib8000.c
|
|
Oliver Neukum |
2128de |
+++ b/drivers/media/dvb-frontends/dib8000.c
|
|
Oliver Neukum |
2128de |
@@ -4473,8 +4473,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
state->timf_default = cfg->pll->timf;
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
- if (dib8000_identify(&state->i2c) == 0)
|
|
Oliver Neukum |
2128de |
+ if (dib8000_identify(&state->i2c) == 0) {
|
|
Oliver Neukum |
2128de |
+ kfree(fe);
|
|
Oliver Neukum |
2128de |
goto error;
|
|
Oliver Neukum |
2128de |
+ }
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr);
|
|
Oliver Neukum |
2128de |
|
|
Oliver Neukum |
2128de |
--
|
|
Oliver Neukum |
2128de |
2.35.3
|
|
Oliver Neukum |
2128de |
|