[FOCAL][CVE-2019-19054][PATCH] media: rc: prevent memory leak in cx23888_ir_probe

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Aug 12 18:35:51 UTC 2020 

On Wed, Aug 12, 2020 at 02:27:14PM -0400, William Breathitt Gray wrote:
> On Wed, Aug 12, 2020 at 03:21:57PM -0300, Thadeu Lima de Souza Cascardo wrote:
> > On Wed, Aug 12, 2020 at 01:51:12PM -0400, William Breathitt Gray wrote:
> > > From: Navid Emamdoost <navid.emamdoost at gmail.com>
> > > 
> > > In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
> > > should be released.
> > > 
> > > Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> > > Signed-off-by: Sean Young <sean at mess.org>
> > > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung at kernel.org>
> > > 
> > > CVE-2019-19054
> > 
> > Hi, William.
> > 
> > This applies cleanly on 5.3, 5.0, 4.15 and 4.4 kernels. Why wasn't it
> > submitted to those kernels as well?
> > 
> > Thanks.
> > Cascardo.
> > 
> > PS: this is not needed on 5.6 or 5.8.
> 
> Hi Cascardo,
> 
> I'm still running test builds for the other kernels to verify there are
> no issues. In the future, should I wait to submit all of these together?
> 
> Thanks,
> 
> William Breathitt Gray
> 

Unless you are expecting to have problems with backports or tests on older
series, I think it's best to just wait for all of them before sending.
Otherwise, you end up taking everyone's time to review the same thing again. Or
rather, you don't take advantage of the ACKs you already got for the same
bug/CVE.

Cascardo.

> > > 
> > > (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
> > > Signed-off-by: William Breathitt Gray <william.gray at canonical.com>
> > > ---
> > >  drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
> > > index e880afe37f15..d59ca3601785 100644
> > > --- a/drivers/media/pci/cx23885/cx23888-ir.c
> > > +++ b/drivers/media/pci/cx23885/cx23888-ir.c
> > > @@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
> > >  		return -ENOMEM;
> > >  
> > >  	spin_lock_init(&state->rx_kfifo_lock);
> > > -	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
> > > +	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
> > > +			GFP_KERNEL)) {
> > > +		kfree(state);
> > >  		return -ENOMEM;
> > > +	}
> > >  
> > >  	state->dev = dev;
> > >  	sd = &state->sd;
> > > -- 
> > > 2.25.1
> > > 
> > > 
> > > -- 
> > > kernel-team mailing list
> > > kernel-team at lists.ubuntu.com
> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list