diff mbox series

[BIONIC,CVE-2019-19054] media: rc: prevent memory leak in cx23888_ir_probe

Message ID 20200812193345.64225-1-william.gray@canonical.com
State New
Headers show
Series [BIONIC,CVE-2019-19054] media: rc: prevent memory leak in cx23888_ir_probe | expand

Commit Message

William Breathitt Gray Aug. 12, 2020, 7:33 p.m. UTC 
From: Navid Emamdoost <navid.emamdoost@gmail.com>

In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
should be released.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

CVE-2019-19054

(cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
Signed-off-by: William Breathitt Gray <william.gray@canonical.com>
---
 drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Ian May Aug. 25, 2020, 10:07 p.m. UTC | #1 
This patch was applied in the following patchset:

Bionic update: upstream stable patchset 2020-08-11

https://bugs.launchpad.net/bugs/1891228

Thanks!
Ian

On 2020-08-12 15:33:44 , William Breathitt Gray wrote:
> From: Navid Emamdoost <navid.emamdoost@gmail.com>
> 
> In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
> should be released.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> Signed-off-by: Sean Young <sean@mess.org>
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
> 
> CVE-2019-19054
> 
> (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
> Signed-off-by: William Breathitt Gray <william.gray@canonical.com>
> ---
>  drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
> index 040323b0f945..f63a7e6f272c 100644
> --- a/drivers/media/pci/cx23885/cx23888-ir.c
> +++ b/drivers/media/pci/cx23885/cx23888-ir.c
> @@ -1178,8 +1178,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
>  		return -ENOMEM;
>  
>  	spin_lock_init(&state->rx_kfifo_lock);
> -	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
> +	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
> +			GFP_KERNEL)) {
> +		kfree(state);
>  		return -ENOMEM;
> +	}
>  
>  	state->dev = dev;
>  	sd = &state->sd;
> -- 
> 2.25.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff mbox series

Patch

diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
index 040323b0f945..f63a7e6f272c 100644
--- a/drivers/media/pci/cx23885/cx23888-ir.c
+++ b/drivers/media/pci/cx23885/cx23888-ir.c
@@ -1178,8 +1178,11 @@  int cx23888_ir_probe(struct cx23885_dev *dev)
 		return -ENOMEM;
 
 	spin_lock_init(&state->rx_kfifo_lock);
-	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
+	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
+			GFP_KERNEL)) {
+		kfree(state);
 		return -ENOMEM;
+	}
 
 	state->dev = dev;
 	sd = &state->sd;