1. Patchew
  2. linux
  3. View series

[PATCH] video: of_display_timing: fix refcount leak in of_get_display_timings()

Weigang He posted 1 patch 3 weeks, 1 day ago 
drivers/video/of_display_timing.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] video: of_display_timing: fix refcount leak in of_get_display_timings()
Posted by Weigang He 3 weeks, 1 day ago 
of_parse_phandle() returns a device_node with refcount incremented,
which is stored in 'entry' and then copied to 'native_mode'. When the
error paths at lines 184 or 192 jump to 'entryfail', native_mode's
refcount is not decremented, causing a refcount leak.

Fix this by changing the goto target from 'entryfail' to 'timingfail',
which properly calls of_node_put(native_mode) before cleanup.

Fixes: cc3f414cf2e4 ("video: add of helper for display timings/videomode")
Cc: stable@vger.kernel.org
Signed-off-by: Weigang He <geoffreyhe2@gmail.com>
---
 drivers/video/of_display_timing.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/video/of_display_timing.c b/drivers/video/of_display_timing.c
index bebd371c6b93e..1940c9505dd3b 100644
--- a/drivers/video/of_display_timing.c
+++ b/drivers/video/of_display_timing.c
@@ -181,7 +181,7 @@ struct display_timings *of_get_display_timings(const struct device_node *np)
 	if (disp->num_timings == 0) {
 		/* should never happen, as entry was already found above */
 		pr_err("%pOF: no timings specified\n", np);
-		goto entryfail;
+		goto timingfail;
 	}
 
 	disp->timings = kcalloc(disp->num_timings,
@@ -189,7 +189,7 @@ struct display_timings *of_get_display_timings(const struct device_node *np)
 				GFP_KERNEL);
 	if (!disp->timings) {
 		pr_err("%pOF: could not allocate timings array\n", np);
-		goto entryfail;
+		goto timingfail;
 	}
 
 	disp->num_timings = 0;
-- 
2.34.1
Re: [PATCH] video: of_display_timing: fix refcount leak in of_get_display_timings()
Posted by Helge Deller 1 week, 4 days ago 
On 1/16/26 10:57, Weigang He wrote:
> of_parse_phandle() returns a device_node with refcount incremented,
> which is stored in 'entry' and then copied to 'native_mode'. When the
> error paths at lines 184 or 192 jump to 'entryfail', native_mode's
> refcount is not decremented, causing a refcount leak.
> 
> Fix this by changing the goto target from 'entryfail' to 'timingfail',
> which properly calls of_node_put(native_mode) before cleanup.
> 
> Fixes: cc3f414cf2e4 ("video: add of helper for display timings/videomode")
> Cc: stable@vger.kernel.org
> Signed-off-by: Weigang He <geoffreyhe2@gmail.com>
> ---
>   drivers/video/of_display_timing.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)

applied.

Thanks!
Helge

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.