Re: [PATCH v3] staging: rtl8723bs: fix potential memory leak in _rtw_init_xmit_priv()

From: Dan Carpenter
Date: Tue Sep 27 2022 - 04:06:38 EST

Next message: Jiri Pirko: "Re: [PATCH v2] headers: Remove some left-over license text"
Previous message: David Laight: "RE: [PATCH net-next v2 07/13] sunhme: Convert FOO((...)) to FOO(...)"
In reply to: xkernel . wang: "[PATCH v3] staging: rtl8723bs: fix potential memory leak in _rtw_init_xmit_priv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 26, 2022 at 03:54:57PM +0800, xkernel.wang@xxxxxxxxxxx wrote:
> From: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>
>
> In _rtw_init_xmit_priv(), there are seven error paths for allocation
> failures without releasing the resources but directly goto `exit`, while
> the exit section only executes `return res;`, which can lead to various
> memory leaks.
>
> To properly release them, this patch unifies the error handlers of
> _rtw_init_xmit_priv() and several error handling paths are added.
> According to the allocation sequence, each error will jump to its
> corresponding error handling tag.
>
> As there is no proper device to test with, no runtime testing was
> performed.
>
> Signed-off-by: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>

This seems to introduce a similar use after free as mentioned in the
change to the other rtl driver.

list_add() followed by a free.

regards,
dan carpenter

Next message: Jiri Pirko: "Re: [PATCH v2] headers: Remove some left-over license text"
Previous message: David Laight: "RE: [PATCH net-next v2 07/13] sunhme: Convert FOO((...)) to FOO(...)"
In reply to: xkernel . wang: "[PATCH v3] staging: rtl8723bs: fix potential memory leak in _rtw_init_xmit_priv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]