Commit 3360f055 authored May 07, 2024 by Zhipeng Lu Committed by Guo Mengqi May 07, 2024

media: go7007: fix a memleak in go7007_load_encoder

stable inclusion
from stable-v4.19.311
commit 7f11dd3d165b178e738fe73dfeea513e383bedb5
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9IB
CVE: CVE-2024-27074

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7f11dd3d165b178e738fe73dfeea513e383bedb5



--------------------------------

[ Upstream commit b9b683844b01d171a72b9c0419a2d760d946ee12 ]

In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without
a deallocation thereafter. After the following call chain:

saa7134_go7007_init
  |-> go7007_boot_encoder
        |-> go7007_load_encoder
  |-> kfree(go)

go is freed and thus bounce is leaked.

Fixes: 95ef3940 ("[media] go7007: remember boot firmware")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Guo Mengqi <guomengqi3@huawei.com>

parent 48d72040

Show whitespace changes

Inline Side-by-side

Please to comment