1. Patchew
  2. linux
  3. View series

[PATCH] media: omap: vout: avoid double free on video register failure

Guangshuo Li posted 1 patch 6 days, 15 hours ago 
drivers/media/platform/ti/omap/omap_vout.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] media: omap: vout: avoid double free on video register failure
Posted by Guangshuo Li 6 days, 15 hours ago 
omap_vout_create_video_devices() registers a video_device and releases it
from the error path if video_register_device() fails.

This can double free the video_device when __video_register_device()
reaches device_register() and that call fails:

  video_register_device()
    -> __video_register_device()
       -> device_register() fails
          -> put_device(&vdev->dev)
             -> v4l2_device_release()
                -> vdev->release(vdev)
                   -> video_device_release(vdev)

  omap_vout_create_video_devices()
    -> error1
       -> video_device_release(vfd)

Use video_device_release_empty() while registering the device so that
registration failure paths do not free vfd through vdev->release().
omap_vout_create_video_devices() then releases vfd exactly once from the
error path. Restore video_device_release() after successful registration
so the registered device keeps its normal lifetime handling.

This issue was found by a static analysis tool I am developing.

Fixes: 5c7ab6348e7b ("V4L/DVB: V4L2: Add support for OMAP2/3 V4L2 display driver on top of DSS2")
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/media/platform/ti/omap/omap_vout.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/media/platform/ti/omap/omap_vout.c b/drivers/media/platform/ti/omap/omap_vout.c
index 8d0319a37ba8..691f97ac5ed4 100644
--- a/drivers/media/platform/ti/omap/omap_vout.c
+++ b/drivers/media/platform/ti/omap/omap_vout.c
@@ -1501,6 +1501,7 @@ static int __init omap_vout_create_video_devices(struct platform_device *pdev)
 		/* Register the Video device with V4L2
 		 */
 		vfd = vout->vfd;
+		vfd->release = video_device_release_empty;
 		if (video_register_device(vfd, VFL_TYPE_VIDEO, -1) < 0) {
 			dev_err(&pdev->dev,
 				": Could not register Video for Linux device\n");
@@ -1508,6 +1509,7 @@ static int __init omap_vout_create_video_devices(struct platform_device *pdev)
 			ret = -ENODEV;
 			goto error2;
 		}
+		vfd->release = video_device_release;
 		video_set_drvdata(vfd, vout);
 
 		dev_info(&pdev->dev,
-- 
2.43.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.