1. Patchew
  2. linux
  3. View series

[PATCH] iio: gts-helper: Fix memory leaks for i = 1 error path

Jinjie Ruan posted 1 patch 1 month, 2 weeks ago 
drivers/iio/industrialio-gts-helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] iio: gts-helper: Fix memory leaks for i = 1 error path
Posted by Jinjie Ruan 1 month, 2 weeks ago 
If i = 1, and per_time_scales[i] or per_time_gains[i] kcalloc fails in
iio_gts_build_avail_scale_table(), the err_free_out will fail to enter
kfree for loop because i-- is 0, and all the per_time_scales[0] and
per_time_gains[0] will not be freed, which will cause memory leaks.

Fix it by checking if i >= 0.

Cc: stable@vger.kernel.org
Fixes: 38416c28e168 ("iio: light: Add gain-time-scale helpers")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
---
 drivers/iio/industrialio-gts-helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iio/industrialio-gts-helper.c b/drivers/iio/industrialio-gts-helper.c
index 7326c7949244..5f131bc1a01e 100644
--- a/drivers/iio/industrialio-gts-helper.c
+++ b/drivers/iio/industrialio-gts-helper.c
@@ -315,7 +315,7 @@ static int iio_gts_build_avail_scale_table(struct iio_gts *gts)
 	return 0;
 
 err_free_out:
-	for (i--; i; i--) {
+	for (i--; i >= 0; i--) {
 		kfree(per_time_scales[i]);
 		kfree(per_time_gains[i]);
 	}
-- 
2.34.1
Re: [PATCH] iio: gts-helper: Fix memory leaks for i = 1 error path
Posted by Matti Vaittinen 1 month, 1 week ago 
Thanks a lot Jinjie. I appreciate your fixes!

On 14/10/2024 04:31, Jinjie Ruan wrote:
> If i = 1, and per_time_scales[i] or per_time_gains[i] kcalloc fails in
> iio_gts_build_avail_scale_table(), the err_free_out will fail to enter
> kfree for loop because i-- is 0, and all the per_time_scales[0] and
> per_time_gains[0] will not be freed, which will cause memory leaks.

I guess the loop never frees the memory pointed by the first pointer in 
these arrays. I mean, the freeing is not working as it should even if 
the 'i' was something else but 1.

> 
> Fix it by checking if i >= 0.

The fix seems good to me. So, with a tiny change in commit message:

Reviewed-by: Matti Vaittinen <mazziesaccount@gmail.com>

> 
> Cc: stable@vger.kernel.org
> Fixes: 38416c28e168 ("iio: light: Add gain-time-scale helpers")
> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
> ---
>   drivers/iio/industrialio-gts-helper.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/iio/industrialio-gts-helper.c b/drivers/iio/industrialio-gts-helper.c
> index 7326c7949244..5f131bc1a01e 100644
> --- a/drivers/iio/industrialio-gts-helper.c
> +++ b/drivers/iio/industrialio-gts-helper.c
> @@ -315,7 +315,7 @@ static int iio_gts_build_avail_scale_table(struct iio_gts *gts)
>   	return 0;
>   
>   err_free_out:
> -	for (i--; i; i--) {
> +	for (i--; i >= 0; i--) {
>   		kfree(per_time_scales[i]);
>   		kfree(per_time_gains[i]);
>   	}
Re: [PATCH] iio: gts-helper: Fix memory leaks for i = 1 error path
Posted by Jinjie Ruan 1 month, 1 week ago 

On 2024/10/15 17:03, Matti Vaittinen wrote:
> Thanks a lot Jinjie. I appreciate your fixes!
> 
> On 14/10/2024 04:31, Jinjie Ruan wrote:
>> If i = 1, and per_time_scales[i] or per_time_gains[i] kcalloc fails in
>> iio_gts_build_avail_scale_table(), the err_free_out will fail to enter
>> kfree for loop because i-- is 0, and all the per_time_scales[0] and
>> per_time_gains[0] will not be freed, which will cause memory leaks.
> 
> I guess the loop never frees the memory pointed by the first pointer in
> these arrays. I mean, the freeing is not working as it should even if
> the 'i' was something else but 1.

Yes, the title is not very clear. In fact, all the per_time_scales[0] or
per_time_scales[0] in the function error path are not released.

> 
>>
>> Fix it by checking if i >= 0.
> 
> The fix seems good to me. So, with a tiny change in commit message:
> 
> Reviewed-by: Matti Vaittinen <mazziesaccount@gmail.com>
> 
>>
>> Cc: stable@vger.kernel.org
>> Fixes: 38416c28e168 ("iio: light: Add gain-time-scale helpers")
>> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
>> ---
>>   drivers/iio/industrialio-gts-helper.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/iio/industrialio-gts-helper.c
>> b/drivers/iio/industrialio-gts-helper.c
>> index 7326c7949244..5f131bc1a01e 100644
>> --- a/drivers/iio/industrialio-gts-helper.c
>> +++ b/drivers/iio/industrialio-gts-helper.c
>> @@ -315,7 +315,7 @@ static int iio_gts_build_avail_scale_table(struct
>> iio_gts *gts)
>>       return 0;
>>     err_free_out:
>> -    for (i--; i; i--) {
>> +    for (i--; i >= 0; i--) {
>>           kfree(per_time_scales[i]);
>>           kfree(per_time_gains[i]);
>>       }
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.