[SRU][X][PATCH 1/1] iio: imu: adis16400: fix memory leak
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Fri Mar 12 14:35:37 UTC 2021
From: Navid Emamdoost <navid.emamdoost at gmail.com>
CVE-2019-19061
In adis_update_scan_mode_burst, if adis->buffer allocation fails release
the adis->xfer.
Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean at analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron at huawei.com>
(cherry picked from commit 9c0530e898f384c5d279bfcebd8bb17af1105873)
[krzk: backport applied to adis16400_buffer.c instead of adis_buffer.c]
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
---
drivers/iio/imu/adis16400_buffer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/imu/adis16400_buffer.c b/drivers/iio/imu/adis16400_buffer.c
index 90c24a23c679..c0eb9dfd1c45 100644
--- a/drivers/iio/imu/adis16400_buffer.c
+++ b/drivers/iio/imu/adis16400_buffer.c
@@ -37,8 +37,11 @@ int adis16400_update_scan_mode(struct iio_dev *indio_dev,
return -ENOMEM;
adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL);
- if (!adis->buffer)
+ if (!adis->buffer) {
+ kfree(adis->xfer);
+ adis->xfer = NULL;
return -ENOMEM;
+ }
tx = adis->buffer + burst_length;
tx[0] = ADIS_READ_REG(ADIS16400_GLOB_CMD);
--
2.25.1
More information about the kernel-team
mailing list