[v2] HID: Fix some memory leaks in drivers/hid

[PATCH v2 3/4] HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

Posted by Günther Noack 1 month, 1 week ago

The magicmouse_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Günther Noack <gnoack@google.com>
---
 drivers/hid/hid-magicmouse.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
index 91f621ceb924..17908d52c027 100644
--- a/drivers/hid/hid-magicmouse.c
+++ b/drivers/hid/hid-magicmouse.c
@@ -994,9 +994,7 @@ static const __u8 *magicmouse_report_fixup(struct hid_device *hdev, __u8 *rdesc,
 		hid_info(hdev,
 			 "fixing up magicmouse battery report descriptor\n");
 		*rsize = *rsize - 1;
-		rdesc = kmemdup(rdesc + 1, *rsize, GFP_KERNEL);
-		if (!rdesc)
-			return NULL;
+		rdesc = rdesc + 1;
 
 		rdesc[0] = 0x05;
 		rdesc[1] = 0x01;
-- 
2.53.0.371.g1d285c8824-goog

[PATCH v2 1/4] HID: Document memory allocation properties of report_fixup()
[PATCH v2 2/4] HID: apple: avoid memory leak in apple_report_fixup()
[PATCH v2 3/4] HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
[PATCH v2 4/4] HID: asus: avoid memory leak in asus_report_fixup()