Message ID | 20200812193345.64225-1-william.gray@canonical.com |
---|---|
State | New |
Headers | show |
Series | [BIONIC,CVE-2019-19054] media: rc: prevent memory leak in cx23888_ir_probe | expand |
This patch was applied in the following patchset: Bionic update: upstream stable patchset 2020-08-11 https://bugs.launchpad.net/bugs/1891228 Thanks! Ian On 2020-08-12 15:33:44 , William Breathitt Gray wrote: > From: Navid Emamdoost <navid.emamdoost@gmail.com> > > In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state > should be released. > > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > Signed-off-by: Sean Young <sean@mess.org> > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> > > CVE-2019-19054 > > (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177) > Signed-off-by: William Breathitt Gray <william.gray@canonical.com> > --- > drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c > index 040323b0f945..f63a7e6f272c 100644 > --- a/drivers/media/pci/cx23885/cx23888-ir.c > +++ b/drivers/media/pci/cx23885/cx23888-ir.c > @@ -1178,8 +1178,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev) > return -ENOMEM; > > spin_lock_init(&state->rx_kfifo_lock); > - if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL)) > + if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, > + GFP_KERNEL)) { > + kfree(state); > return -ENOMEM; > + } > > state->dev = dev; > sd = &state->sd; > -- > 2.25.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c index 040323b0f945..f63a7e6f272c 100644 --- a/drivers/media/pci/cx23885/cx23888-ir.c +++ b/drivers/media/pci/cx23885/cx23888-ir.c @@ -1178,8 +1178,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev) return -ENOMEM; spin_lock_init(&state->rx_kfifo_lock); - if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL)) + if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, + GFP_KERNEL)) { + kfree(state); return -ENOMEM; + } state->dev = dev; sd = &state->sd;