ACK/Cmnt: [FOCAL][CVE-2019-19054][PATCH] media: rc: prevent memory leak in cx23888_ir_probe

Stefan Bader stefan.bader at canonical.com
Fri Aug 14 07:34:49 UTC 2020 

On 12.08.20 19:51, William Breathitt Gray wrote:
> From: Navid Emamdoost <navid.emamdoost at gmail.com>
> 
> In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
> should be released.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> Signed-off-by: Sean Young <sean at mess.org>
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung at kernel.org>
> 
> CVE-2019-19054
> 
> (cherry picked from a7b2df76b42bdd026e3106cf2ba97db41345a177)
> Signed-off-by: William Breathitt Gray <william.gray at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---

As Thadeu already said, normally it is better to hold back submitting something
until all series which potentially need this have been prepared. And as soon as
that means separate patches combine those under a cover email which refers to
all series in the subject.

The reasoning there is that when you glance over things in a threaded view, one
normally only sees the cover subject. And in cases where something quickly needs
to go in there might be chances to be missed.

In this case it looks like it ended up being a cherry pick for all series. In
that case waiting would have saved a lot of time because you would only have to
submit one patch without cover email and people only have to look at one thing.

For future reference.

>  drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
> index e880afe37f15..d59ca3601785 100644
> --- a/drivers/media/pci/cx23885/cx23888-ir.c
> +++ b/drivers/media/pci/cx23885/cx23888-ir.c
> @@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
>  		return -ENOMEM;
>  
>  	spin_lock_init(&state->rx_kfifo_lock);
> -	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
> +	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
> +			GFP_KERNEL)) {
> +		kfree(state);
>  		return -ENOMEM;
> +	}
>  
>  	state->dev = dev;
>  	sd = &state->sd;
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200814/fdd2d55f/attachment.sig>

More information about the kernel-team mailing list