From: Dan Carpenter <dan.carpenter@linaro.org>
To: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
Cc: gregkh@linuxfoundation.org, linux-staging@lists.linux.dev,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/4] staging: rtl8723bs: fix firmware memory leak on error path
Date: Thu, 18 Dec 2025 10:14:46 +0300 [thread overview]
Message-ID: <aUOp5rEWwjOp6-nU@stanley.mountain> (raw)
In-Reply-To: <20251218011414.1781294-2-samasth.norway.ananda@oracle.com>
On Wed, Dec 17, 2025 at 05:14:11PM -0800, Samasth Norway Ananda wrote:
> Fix memory leak where firmware is not released on error paths in
> rtl8723b_FirmwareDownload().
>
> After successfully calling request_firmware(), if the firmware size
> check fails or if kmemdup() fails, the code jumps to the exit label
> without calling release_firmware(), causing a memory leak.
>
> Add a release_fw label to properly free the firmware in these er:qror
> cases. Also add an error message when firmware size exceeds the limit to
> help with debugging.
>
> Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
> ---
> drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
> index 57c83f332e74..0eae624a36f0 100644
> --- a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
> +++ b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
> @@ -345,14 +345,16 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
> }
>
> if (fw->size > FW_8723B_SIZE) {
> + pr_err("Firmware size exceed, max: %d, actual: %zu\n",
> + FW_8723B_SIZE, fw->size);
> rtStatus = _FAIL;
> - goto exit;
> + goto release_fw;
> }
>
> pFirmware->fw_buffer_sz = kmemdup(fw->data, fw->size, GFP_KERNEL);
> if (!pFirmware->fw_buffer_sz) {
> rtStatus = _FAIL;
> - goto exit;
> + goto release_fw;
> }
>
> pFirmware->fw_length = fw->size;
> @@ -415,6 +417,10 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
> goto fwdl_stat;
>
> fwdl_stat:
> + goto exit;
What's the point of this nonsense label the just does another goto?
regards,
dan carpenter
> +
> +release_fw:
> + release_firmware(fw);
>
> exit:
> kfree(pFirmware->fw_buffer_sz);
> --
> 2.50.1
>
next prev parent reply other threads:[~2025-12-18 7:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-18 1:14 [PATCH 0/4] staging: rtl8723bs: Fix error handling and memory Samasth Norway Ananda
2025-12-18 1:14 ` [PATCH 1/4] staging: rtl8723bs: fix firmware memory leak on error path Samasth Norway Ananda
2025-12-18 7:14 ` Dan Carpenter [this message]
2025-12-18 17:00 ` [External] : " samasth.norway.ananda
2025-12-18 1:14 ` [PATCH 2/4] staging: rtl8723bs: fix memory leak in rtw_cfg80211_inform_bss() Samasth Norway Ananda
2025-12-18 1:14 ` [PATCH 3/4] staging: rtl8723bs: add IS_ERR() check for kthread_run() Samasth Norway Ananda
2025-12-18 1:14 ` [PATCH 4/4] staging: rtl8723bs: check return value of rtw_wdev_alloc() Samasth Norway Ananda
2025-12-18 7:12 ` Dan Carpenter
2025-12-18 16:31 ` [External] : " samasth.norway.ananda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aUOp5rEWwjOp6-nU@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=samasth.norway.ananda@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.