Re: [PATCH] media: em28xx: fix memory leak in em28xx_init_dev

[Pavel Skripkin]

On 11/1/21 21:32, Dan Carpenter wrote:
> On Mon, Nov 01, 2021 at 05:55:39PM +0800, Dongliang Mu wrote:
> > In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
> > to deallocate the media_dev allocated in the em28xx_media_device_init.
> >
> > Fix this by adding em28xx_unregister_media_device to free media_dev.
> >
> > BTW, this patch is tested in my local syzkaller instance, and it can
> > prevent the memory leak from occurring again.
> >
> > CC: Pavel Skripkin <paskripkin@xxxxxxxxx>
> > Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
> > Signed-off-by: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
> > Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
>
> Is this really a syzbot warning?  If so it should be in the format:
>
> Reported-by: syzbot+4c4ffd1e1094dae61035@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Syzbot is different from syzkaller.  Syzkaller is the fuzzer and syzbot
> is the program which reports syzkaller bugs.

Bug report is from his local instance. He just wants to give credit to 
syzbot for finding it

> > ---
> >  drivers/media/usb/em28xx/em28xx-cards.c | 19 +++++++++++++------
> >  1 file changed, 13 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
> > index c1e0dccb7408..fca68939ca50 100644
> > --- a/drivers/media/usb/em28xx/em28xx-cards.c
> > +++ b/drivers/media/usb/em28xx/em28xx-cards.c
> > @@ -3625,8 +3625,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
> >  
>
> There is no check to see if the em28xx_media_device_init() fails.  I

I guess, it should work, since there a lot of checks to see if this 
pointer is valid, i.e driver can work even without this pointer, AFAIK

> don't love that we call unregister() to undo the init() but it seems
> like it should work...

Same here, but it is out of scope of this patch :)



With regards,
Pavel Skripkin