1. Patchew
  2. linux
  3. View series

[PATCH] mISDN: Fix memory leak in dsp_pipeline_build()

Alexey Khoroshilov posted 1 patch 4 years, 3 months ago 
drivers/isdn/mISDN/dsp_pipeline.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
[PATCH] mISDN: Fix memory leak in dsp_pipeline_build()
Posted by Alexey Khoroshilov 4 years, 3 months ago 
dsp_pipeline_build() allocates dup pointer by kstrdup(cfg),
but then it updates dup variable by strsep(&dup, "|").
As a result when it calls kfree(dup), the dup variable contains NULL.

Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 960366cf8dbb ("Add mISDN DSP")
---
 drivers/isdn/mISDN/dsp_pipeline.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/isdn/mISDN/dsp_pipeline.c b/drivers/isdn/mISDN/dsp_pipeline.c
index e11ca6bbc7f4..c3b2c99b5cd5 100644
--- a/drivers/isdn/mISDN/dsp_pipeline.c
+++ b/drivers/isdn/mISDN/dsp_pipeline.c
@@ -192,7 +192,7 @@ void dsp_pipeline_destroy(struct dsp_pipeline *pipeline)
 int dsp_pipeline_build(struct dsp_pipeline *pipeline, const char *cfg)
 {
 	int found = 0;
-	char *dup, *tok, *name, *args;
+	char *dup, *next, *tok, *name, *args;
 	struct dsp_element_entry *entry, *n;
 	struct dsp_pipeline_entry *pipeline_entry;
 	struct mISDN_dsp_element *elem;
@@ -203,10 +203,10 @@ int dsp_pipeline_build(struct dsp_pipeline *pipeline, const char *cfg)
 	if (!list_empty(&pipeline->list))
 		_dsp_pipeline_destroy(pipeline);
 
-	dup = kstrdup(cfg, GFP_ATOMIC);
+	dup = next = kstrdup(cfg, GFP_ATOMIC);
 	if (!dup)
 		return 0;
-	while ((tok = strsep(&dup, "|"))) {
+	while ((tok = strsep(&next, "|"))) {
 		if (!strlen(tok))
 			continue;
 		name = strsep(&tok, "(");
-- 
2.7.4
Re: [PATCH] mISDN: Fix memory leak in dsp_pipeline_build()
Posted by patchwork-bot+netdevbpf@kernel.org 4 years, 3 months ago 
Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Fri,  4 Mar 2022 21:25:36 +0300 you wrote:
> dsp_pipeline_build() allocates dup pointer by kstrdup(cfg),
> but then it updates dup variable by strsep(&dup, "|").
> As a result when it calls kfree(dup), the dup variable contains NULL.
> 
> Found by Linux Driver Verification project (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
> Fixes: 960366cf8dbb ("Add mISDN DSP")
> 
> [...]

Here is the summary with links:
  - mISDN: Fix memory leak in dsp_pipeline_build()
    https://git.kernel.org/netdev/net/c/c6a502c22999

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.