[PATCH v2 2/3] staging: rtl8723bs: fix memory leak in rtw_cfg80211_inform_bss()

Samasth Norway Ananda posted 3 patches 1 month ago
There is a newer version of this series
[PATCH v2 2/3] staging: rtl8723bs: fix memory leak in rtw_cfg80211_inform_bss()
Posted by Samasth Norway Ananda 1 month ago
After successfully allocating buf with kzalloc(), if
cfg80211_inform_bss_frame() returns NULL, the code jumps to the exit
label without freeing buf, causing a memory leak. Add kfree(buf) before
the goto to properly free the buffer in this error case.

Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
---
 drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
index 60edeae1cffe..d80e23cfdf8d 100644
--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
+++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
@@ -314,8 +314,10 @@ struct cfg80211_bss *rtw_cfg80211_inform_bss(struct adapter *padapter, struct wl
 	bss = cfg80211_inform_bss_frame(wiphy, notify_channel, (struct ieee80211_mgmt *)buf,
 					len, notify_signal, GFP_ATOMIC);
 
-	if (unlikely(!bss))
+	if (unlikely(!bss)) {
+		kfree(buf);
 		goto exit;
+	}
 
 	cfg80211_put_bss(wiphy, bss);
 	kfree(buf);
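
Review bot: with kfree(buf) added inside the !bss branch, the buffer is now freed at two separate sites a few lines apart (in the branch and again after cfg80211_put_bss()), and duplicated frees like this are easy to miss or double up when another exit path is added later. If nothing between the trailing kfree(buf) and the exit label depends on the early jump, a single free is easier to audit: guard the put with `if (likely(bss)) cfg80211_put_bss(wiphy, bss);`, keep the one existing `kfree(buf);`, and drop the goto from this branch.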
-- 
2.50.1
Re: [PATCH v2 2/3] staging: rtl8723bs: fix memory leak in rtw_cfg80211_inform_bss()
Posted by Dan Carpenter 1 month ago
On Thu, Jan 08, 2026 at 10:16:10AM -0800, Samasth Norway Ananda wrote:
> After successfully allocating buf with kzalloc(), if
> cfg80211_inform_bss_frame() returns NULL, the code jumps to the exit
> label without freeing buf, causing a memory leak. Add kfree(buf) before
> the goto to properly free the buffer in this error case.
> 
> Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
> ---
>  drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
> index 60edeae1cffe..d80e23cfdf8d 100644
> --- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
> +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
> @@ -314,8 +314,10 @@ struct cfg80211_bss *rtw_cfg80211_inform_bss(struct adapter *padapter, struct wl
>  	bss = cfg80211_inform_bss_frame(wiphy, notify_channel, (struct ieee80211_mgmt *)buf,
>  					len, notify_signal, GFP_ATOMIC);
>  
> -	if (unlikely(!bss))
> +	if (unlikely(!bss)) {
> +		kfree(buf);
>  		goto exit;
> +	}
>  
>  	cfg80211_put_bss(wiphy, bss);
>  	kfree(buf);
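
Review bot: the kfree(buf) added in the !bss branch closes a leak on an existing error path, but the commit message has no Fixes: tag identifying the commit that introduced that path. Adding one, together with a short v1 to v2 changelog under the --- line, would help stable backporting and show what changed between revisions.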

This code is so ugly but that's not really related to your patch...

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

regards,
dan carpenter