[FOCAL][CVE-2019-19054][PATCH] media: rc: prevent memory leak in cx23888_ir_probe

William Breathitt Gray william.gray at canonical.com
Wed Aug 12 18:27:14 UTC 2020 

On Wed, Aug 12, 2020 at 03:21:57PM -0300, Thadeu Lima de Souza Cascardo wrote:
> On Wed, Aug 12, 2020 at 01:51:12PM -0400, William Breathitt Gray wrote:
> > From: Navid Emamdoost <navid.emamdoost at gmail.com>
> > 
> > In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
> > should be released.
> > 
> > Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> > Signed-off-by: Sean Young <sean at mess.org>
> > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung at kernel.org>
> > 
> > CVE-2019-19054
> 
> Hi, William.
> 
> This applies cleanly on 5.3, 5.0, 4.15 and 4.4 kernels. Why wasn't it
> submitted to those kernels as well?
> 
> Thanks.
> Cascardo.
> 
> PS: this is not needed on 5.6 or 5.8.

Hi Cascardo,

I'm still running test builds for the other kernels to verify there are
no issues. In the future, should I wait to submit all of these together?

Thanks,

William Breathitt Gray

> > 
> > (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
> > Signed-off-by: William Breathitt Gray <william.gray at canonical.com>
> > ---
> >  drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
> > index e880afe37f15..d59ca3601785 100644
> > --- a/drivers/media/pci/cx23885/cx23888-ir.c
> > +++ b/drivers/media/pci/cx23885/cx23888-ir.c
> > @@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
> >  		return -ENOMEM;
> >  
> >  	spin_lock_init(&state->rx_kfifo_lock);
> > -	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
> > +	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
> > +			GFP_KERNEL)) {
> > +		kfree(state);
> >  		return -ENOMEM;
> > +	}
> >  
> >  	state->dev = dev;
> >  	sd = &state->sd;
> > -- 
> > 2.25.1
> > 
> > 
> > -- 
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200812/13e2c1a1/attachment.sig>

More information about the kernel-team mailing list