[X][CVE-2019-19060][SRU][PATCH 1/1] iio: imu: adis16400: release allocated memory on failure
Po-Hsu Lin
po-hsu.lin at canonical.com
Wed Apr 8 09:07:30 UTC 2020
From: Navid Emamdoost <navid.emamdoost at gmail.com>
CVE-2019-19060
In adis_update_scan_mode, if allocation for adis->buffer fails,
previously allocated adis->xfer needs to be released.
Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean at analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron at huawei.com>
(backported from commit ab612b1daf415b62c58e130cb3d0f30b255a14d0)
[PHLin: context adjustment]
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
drivers/iio/imu/adis_buffer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/imu/adis_buffer.c b/drivers/iio/imu/adis_buffer.c
index 36607d5..9de553e 100644
--- a/drivers/iio/imu/adis_buffer.c
+++ b/drivers/iio/imu/adis_buffer.c
@@ -39,8 +39,11 @@ int adis_update_scan_mode(struct iio_dev *indio_dev,
return -ENOMEM;
adis->buffer = kzalloc(indio_dev->scan_bytes * 2, GFP_KERNEL);
- if (!adis->buffer)
+ if (!adis->buffer) {
+ kfree(adis->xfer);
+ adis->xfer = NULL;
return -ENOMEM;
+ }
rx = adis->buffer;
tx = rx + scan_count;
--
2.7.4
More information about the kernel-team
mailing list