Commit 3c3bfb85 authored Dec 06, 2022 by Tetsuo Handa Committed by Helge Deller Dec 14, 2022

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

syzbot is reporting memory leak at fbcon_do_set_font() [1], for
commit a5a92303 ("fbdev: fbcon: Properly revert changes when
vc_resize() failed") missed that the buffer might be newly allocated
by fbcon_set_font().

Link: https://syzkaller.appspot.com/bug?extid=25bdb7b1703639abd498

 [1]
Reported-by: syzbot <syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com>
Fixes: a5a92303 ("fbdev: fbcon: Properly revert changes when vc_resize() failed")
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Helge Deller <deller@gmx.de>

parent b20a558d

drivers/video/fbdev/core/fbcon.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2450,7 +2450,8 @@ static int fbcon_do_set_font(struct vc_data *vc, int w, int h, int charcount,

		if (userfont) {
		p->userfont = old_userfont;
		REFCOUNT(data)--;
		if (--REFCOUNT(data) == 0)
		kfree(data - FONT_EXTRA_WORDS * sizeof(int));
		}

		vc->vc_font.width = old_width;