[FOCAL][CVE-2019-19054][PATCH] media: rc: prevent memory leak in cx23888_ir_probe
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed Aug 12 18:21:57 UTC 2020
On Wed, Aug 12, 2020 at 01:51:12PM -0400, William Breathitt Gray wrote:
> From: Navid Emamdoost <navid.emamdoost at gmail.com>
>
> In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
> should be released.
>
> Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> Signed-off-by: Sean Young <sean at mess.org>
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung at kernel.org>
>
> CVE-2019-19054
Hi, William.
This applies cleanly on 5.3, 5.0, 4.15 and 4.4 kernels. Why wasn't it
submitted to those kernels as well?
Thanks.
Cascardo.
PS: this is not needed on 5.6 or 5.8.
>
> (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
> Signed-off-by: William Breathitt Gray <william.gray at canonical.com>
> ---
> drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
> index e880afe37f15..d59ca3601785 100644
> --- a/drivers/media/pci/cx23885/cx23888-ir.c
> +++ b/drivers/media/pci/cx23885/cx23888-ir.c
> @@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
> return -ENOMEM;
>
> spin_lock_init(&state->rx_kfifo_lock);
> - if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
> + if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
> + GFP_KERNEL)) {
> + kfree(state);
> return -ENOMEM;
> + }
>
> state->dev = dev;
> sd = &state->sd;
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list