From patchwork Mon Dec 5 08:49:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chen Zhongjin X-Patchwork-Id: 29607 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2139603wrr; Mon, 5 Dec 2022 01:03:34 -0800 (PST) X-Google-Smtp-Source: AA0mqf7EcqfuFoqZBo99/9h4eEqqyEed8KXtawH6Vh3RoxgJEJWvw4sWoDUZuAUuTiNLlxGmVipG X-Received: by 2002:a17:907:c719:b0:7ae:31a0:e22f with SMTP id ty25-20020a170907c71900b007ae31a0e22fmr28655176ejc.248.1670231014087; Mon, 05 Dec 2022 01:03:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670231014; cv=none; d=google.com; s=arc-20160816; b=0/qxM0BPOkGQYy+yMbzZdC4yslzl07Q8mTYQCotglFG14EpWcBdBo3SG2SM2tc2UXl vg2DsDHx8MgftcNjvs7bEi3iLRe1wiYpcqQlbd1iN46KfGp6aCHKjLj2arYiWT389Gkt qXD0gkkRMEY/0KU9TM1MNyqRiMceXGRZ6xnoCr7TB7qGiWKzPAAVbYsKKCx8Bb3nUvW3 KVMRNcs45IiAFnOL6nr4CuQ8uUhBUS2viqx7MfovHaIXH/+I2NHq8VoF95HJE29uZsi6 +J3c7hYcSt8wxkIZdSHDXHjO+ZlYja/TX/1AFUjJSEXtyOQ5dwwzsX0dwkclkdP6Mynj 6ccg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from; bh=eP0E6mDrEW0+nJS44gtnMFv3CdNAd2PeAL6jEgua/8M=; b=v1NkHiKDmoD93WCoBf9Ot+0eZOMg7Wp2lVW3ORk0sGQho8MsoLf8hI2LIj1DIL2Ueq 8rVH3vphWILAZM4l03KslKVRLNaiGsu7h3dL/btX2EnTKBBTuLgBwVFAzfxq2uPjPIYU 5x4jk9L/f57Ltop88DghyLkJBq88DMEEGyaA2PVBzAcNUvrMy+AoFLibWqt7WKc5Xin0 rhLsT4FLDFm1fLxlhr+J/myYixnGJLCo53A9WMFw7MGOjyrb42wVlVkrSV5jdxXB0jtY 3Cs6YjKaW+N0ctvq5w4Ys2nQ2nHjnojHWaX/bvSiPQxkWsTZ6wCcQhwEHSDNN+eeRf+w RDww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g9-20020a056402090900b0046b999e884dsi11577984edz.529.2022.12.05.01.03.10; Mon, 05 Dec 2022 01:03:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231861AbiLEIy3 (ORCPT + 99 others); Mon, 5 Dec 2022 03:54:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231540AbiLEIxv (ORCPT ); Mon, 5 Dec 2022 03:53:51 -0500 Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7095F7678; Mon, 5 Dec 2022 00:52:57 -0800 (PST) Received: from dggpemm500013.china.huawei.com (unknown [172.30.72.57]) by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4NQck06QY8z15N6H; Mon, 5 Dec 2022 16:52:08 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.175.36) by dggpemm500013.china.huawei.com (7.185.36.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 5 Dec 2022 16:52:55 +0800 From: Chen Zhongjin To: , , , CC: , , , , , , Subject: [PATCH] fbcon: Fix memleak when fbcon_set_font() fails Date: Mon, 5 Dec 2022 16:49:59 +0800 Message-ID: <20221205084959.147904-1-chenzhongjin@huawei.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Originating-IP: [10.67.175.36] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500013.china.huawei.com (7.185.36.172) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1751364155874798463?= X-GMAIL-MSGID: =?utf-8?q?1751364155874798463?= syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=7cc8bce62e201c60e36ef0133dab7f6b8afbc626 BUG: memory leak unreferenced object 0xffff888111648000 (size 18448): backtrace: [] kmalloc [] fbcon_set_font+0x1a9/0x470 [] con_font_set [] con_font_op+0x3a9/0x600 ... It's because when fbcon_do_set_font() fails in fbcon_set_font(), it return error directly and doesn't free allocated memory 'new_data'. Reported-by: syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Chen Zhongjin --- drivers/video/fbdev/core/fbcon.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index c0143d38df83..edb01d200b5b 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -2480,7 +2480,7 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, int w = font->width; int h = font->height; int size; - int i, csum; + int i, csum, ret; u8 *new_data, *data = font->data; int pitch = PITCH(font->width); @@ -2539,7 +2539,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, break; } } - return fbcon_do_set_font(vc, font->width, font->height, charcount, new_data, 1); + + ret = fbcon_do_set_font(vc, font->width, font->height, charcount, new_data, 1); + if (ret && i > last_fb_vc) + kfree(new_data - FONT_EXTRA_WORDS * sizeof(int)); + return ret; } static int fbcon_set_def_font(struct vc_data *vc, struct console_font *font, char *name)