From: Dan Carpenter <dan.carpenter@oracle.com>
To: Muhammad Usama Anjum <musamaanjum@gmail.com>
Cc: hverkuil-cisco@xs4all.nl, syzkaller-bugs@googlegroups.com,
dvyukov@google.com, linux-kernel@vger.kernel.org,
Mauro Carvalho Chehab <mchehab@kernel.org>,
"open list:EM28XX VIDEO4LINUX DRIVER"
<linux-media@vger.kernel.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak
Date: Wed, 31 Mar 2021 11:51:42 +0300 [thread overview]
Message-ID: <20210331085142.GI2065@kadam> (raw)
In-Reply-To: <675efa79414d2d8cb3696d3ca3a0c3be99bd92fa.camel@gmail.com>
On Wed, Mar 31, 2021 at 01:22:01PM +0500, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> > If some error occurs, URB buffers should also be freed. If they aren't
> > freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
> > buffers as dvb is set to NULL. The function in which error occurs should
> > do all the cleanup for the allocations it had done.
> >
> > Tested the patch with the reproducer provided by syzbot. This patch
> > fixes the memleak.
> >
> > Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
> > Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
> > ---
> > Resending the same path as some email addresses were missing from the
> > earlier email.
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> > dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> >
> > drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> > index 526424279637..471bd74667e3 100644
> > --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> > +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> > @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
> > return result;
> >
> > out_free:
> > + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
> > kfree(dvb);
> > dev->dvb = NULL;
> > goto ret;
>
> I'd received the following notice and waiting for the review:
Please wait a minimum of two weeks before asking for updates.
regards,
dan carpenter
next prev parent reply other threads:[~2021-03-31 8:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-24 18:07 [PATCH] media: em28xx: fix memory leak Muhammad Usama Anjum
2021-03-31 8:22 ` Muhammad Usama Anjum
2021-03-31 8:51 ` Dan Carpenter [this message]
2021-04-06 9:44 ` Muhammad Usama Anjum
2021-04-06 10:07 ` Hans Verkuil
-- strict thread matches above, loose matches on Subject: below --
2021-03-22 14:54 Muhammad Usama Anjum
2021-03-22 15:13 ` Muhammad Usama Anjum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210331085142.GI2065@kadam \
--to=dan.carpenter@oracle.com \
--cc=dvyukov@google.com \
--cc=hverkuil-cisco@xs4all.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=musamaanjum@gmail.com \
--cc=stable@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.