[PATCH AUTOSEL 6.16-5.4] kconfig: gconf: fix potential memory leak in renderer_edited()

[Sasha Levin <sashal@kernel.org>]

From: Masahiro Yamada <masahiroy@kernel.org>

[ Upstream commit f72ed4c6a375e52a3f4b75615e4a89d29d8acea7 ]

If gtk_tree_model_get_iter() fails, gtk_tree_path_free() is not called.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

Based on my analysis of the commit and examination of the code, here is
my assessment:

**Backport Status: YES**

## Extensive Analysis:

### 1. **Nature of the Bug**
The commit fixes a clear memory leak in the `renderer_edited()` function
in scripts/kconfig/gconf.c. The function allocates a GtkTreePath object
using `gtk_tree_path_new_from_string()` at line 782, but if
`gtk_tree_model_get_iter()` fails on line 788, the function returns
early without calling `gtk_tree_path_free()`, causing a memory leak.

### 2. **Bug Impact**
- **Resource leak**: Every time a user attempts to edit a value in the
  GTK-based kernel configuration tool (gconfig) and the operation fails
  to get the iterator, memory is leaked.
- **User-facing impact**: While gconfig is not used by all kernel users,
  those who do use it for configuring the kernel could experience memory
  leaks during interactive configuration sessions.
- **Accumulation potential**: In a long configuration session with
  multiple failed edits, these leaks could accumulate.

### 3. **Fix Analysis**
The fix is minimal and straightforward:
- Changes the early `return` to a `goto free` statement
- Adds a `free:` label before the existing `gtk_tree_path_free(path)`
  call
- This ensures the allocated path is always freed, whether the function
  succeeds or fails

### 4. **Risk Assessment**
- **Minimal risk**: The change only affects the error path and ensures
  proper cleanup
- **No functional changes**: The fix doesn't alter any program logic, it
  only adds proper resource cleanup
- **Well-contained**: The change is limited to a single function in the
  gconfig tool
- **Standard pattern**: Using goto for cleanup is a common and accepted
  pattern in kernel code

### 5. **Stable Tree Criteria Compliance**
The commit meets stable tree requirements:
- ✓ Fixes a real bug (memory leak)
- ✓ Small and contained (2 lines changed)
- ✓ No new features or architectural changes
- ✓ Clear and obvious correctness
- ✓ Minimal regression risk

### 6. **Historical Context**
Looking at the git history, there have been multiple memory leak fixes
in the kconfig subsystem (e.g., commits a409fc1463d6, ae1eff0349f2,
fbac5977d81c), indicating this is an area where such fixes are
considered important and regularly backported.

### 7. **Code Pattern Analysis**
Examining other uses of `gtk_tree_model_get_iter()` in the same file
shows that other call sites don't have this issue because they either:
- Don't allocate resources before the call (lines 902, 962, 1015)
- Or are in different contexts where the path is managed differently

This makes the fix in `renderer_edited()` particularly important as it's
the only place with this specific leak pattern.

The commit should be backported to stable kernels to ensure users of the
gconfig tool don't experience memory leaks during kernel configuration
sessions.

 scripts/kconfig/gconf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/kconfig/gconf.c b/scripts/kconfig/gconf.c
index abe4cfe66b14..0caf0ced13df 100644
--- a/scripts/kconfig/gconf.c
+++ b/scripts/kconfig/gconf.c
@@ -748,7 +748,7 @@ static void renderer_edited(GtkCellRendererText * cell,
 	struct symbol *sym;
 
 	if (!gtk_tree_model_get_iter(model2, &iter, path))
-		return;
+		goto free;
 
 	gtk_tree_model_get(model2, &iter, COL_MENU, &menu, -1);
 	sym = menu->sym;
@@ -760,6 +760,7 @@ static void renderer_edited(GtkCellRendererText * cell,
 
 	update_tree(&rootmenu, NULL);
 
+free:
 	gtk_tree_path_free(path);
 }
 
-- 
2.39.5