From nobody Mon Feb  9 03:50:55 2026
Received: from mail-m49198.qiye.163.com (mail-m49198.qiye.163.com
 [45.254.49.198])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41DB322A4FC
	for <linux-kernel@vger.kernel.org>; Thu, 22 Jan 2026 13:10:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=45.254.49.198
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769087406; cv=none;
 b=DarmHGH4Kwo6HtvKHC1Bw4lEBQMYJs3wVv8on1sp3gRTIOHQebB4iMDWMY3a2TDFaPDI5ew40YMH+6OxRdW6eV3duNwxaAtwwmsZOe3Ucj72DQsnvWUGUajaFu9u2S4cReLRRSkwIAPNPJkrkL9OlxGwVUlJOUOTaMptG7awOG0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769087406; c=relaxed/simple;
	bh=uK4h+1oReRyYvDkvfZzLIttpXAB6F4qMEDLja1qNs+4=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
 b=RLWc8sjvw2Z/tJaOV6uyYqqVKjWWWcSyUJRI1P2SqAXitkLUezcmZ7TWvcSy94YJj1s35cd7FIsiAjVvujZ9jE0Hk1r80b9BrVMxYSYngA3LPEvbzz/+pFbcRTqk/iJSIEAbdEhb9h2V6sp4biGz3+xfLqxfBWvdrC4Qpai14JA=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=seu.edu.cn;
 spf=pass smtp.mailfrom=seu.edu.cn;
 dkim=pass (1024-bit key) header.d=seu.edu.cn header.i=@seu.edu.cn
 header.b=j1ZZJ+5g; arc=none smtp.client-ip=45.254.49.198
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=seu.edu.cn
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=seu.edu.cn
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=seu.edu.cn header.i=@seu.edu.cn
 header.b="j1ZZJ+5g"
Received: from LAPTOP-N070L597.localdomain (unknown [58.241.16.34])
	by smtp.qiye.163.com (Hmail) with ESMTP id 319b85ee9;
	Thu, 22 Jan 2026 21:09:52 +0800 (GMT+08:00)
From: Zilin Guan <zilin@seu.edu.cn>
To: miquel.raynal@bootlin.com
Cc: richard@nod.at,
	vigneshr@ti.com,
	linux-mtd@lists.infradead.org,
	linux-kernel@vger.kernel.org,
	jianhao.xu@seu.edu.cn,
	Zilin Guan <zilin@seu.edu.cn>
Subject: [PATCH] mtd: parsers: Fix memory leak in
 mtd_parser_tplink_safeloader_parse()
Date: Thu, 22 Jan 2026 13:09:50 +0000
Message-Id: <20260122130950.758563-1-zilin@seu.edu.cn>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-HM-Tid: 0a9be5d35a0703a1kunmf2b331223ed2f
X-HM-MType: 10
X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly
	tZV1koWUFITzdXWS1ZQUlXWQ8JGhUIEh9ZQVlCSEtNVklCTUgZQx5JQx5CQlYeHw5VEwETFhoSFy
	QUDg9ZV1kYEgtZQVlOQ1VJT0pVSk1VSE9ZV1kWGg8SFR0UWUFZT0tIVUpLSUhOQ0NVSktLVUtZBg
	++
DKIM-Signature: a=rsa-sha256;
	b=j1ZZJ+5gjWiD1VgfqRJYlg5twZ+9SxvDQpc9fndhmnwUF3lvIHwAxnr+yKvQXXLtgMVgVTZ6KuAA8VE3mNpDolFYcS6+0Sru9Vr2jpY32GOI41w2WfO8wCIjOMqN/zARW5kG/OA8w4OGuZJD84vaDhdpIcSOrGV5q7zI4RNLbPA=;
 c=relaxed/relaxed; s=default; d=seu.edu.cn; v=1;
	bh=YeI5p4thje2zu1p2OI+kafuurM2OYDaenOJ0uKDaqeo=;
	h=date:mime-version:subject:message-id:from;
Content-Type: text/plain; charset="utf-8"

The function mtd_parser_tplink_safeloader_parse() allocates buf via
mtd_parser_tplink_safeloader_read_table(). If the allocation for
parts[idx].name fails inside the loop, the code jumps to the err_free
label without freeing buf, leading to a memory leak.

Fix this by freeing the temporary buffer buf in the err_free label.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Fixes: 00a3588084be ("mtd: parsers: add TP-Link SafeLoader partitions table=
 parser")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
 drivers/mtd/parsers/tplink_safeloader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mtd/parsers/tplink_safeloader.c b/drivers/mtd/parsers/=
tplink_safeloader.c
index e358a029dc70..4fcaf92d22e4 100644
--- a/drivers/mtd/parsers/tplink_safeloader.c
+++ b/drivers/mtd/parsers/tplink_safeloader.c
@@ -116,6 +116,7 @@ static int mtd_parser_tplink_safeloader_parse(struct mt=
d_info *mtd,
 	return idx;
=20
 err_free:
+	kfree(buf);
 	for (idx -=3D 1; idx >=3D 0; idx--)
 		kfree(parts[idx].name);
 err_free_parts:
--=20
2.34.1