Re: [PATCH] genetlink: Prevent memory leak when krealloc fail

From: Florian Westphal
Date: Sat Nov 18 2023 - 07:02:54 EST

Next message: Bryan O'Donoghue: "[PATCH v5 1/7] media: qcom: camss: Flag which VFEs require a power-domain"
Previous message: Xu Yilun: "Re: [RFC PATCH] fpga: remove module reference counting from core components"
In reply to: Kamil Duljas: "[PATCH] genetlink: Prevent memory leak when krealloc fail"
Next in thread: Kamil Duljas: "Re: [PATCH] genetlink: Prevent memory leak when krealloc fail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kamil Duljas <kamil.duljas@xxxxxxxxx> wrote:
> genl_allocate_reserve_groups() allocs new memory in while loop
> but if krealloc fail, the memory allocated by kzalloc is not freed.
> It seems allocated memory is unnecessary when the function
> returns -ENOMEM

Why should it be free'd? mc_groups is not a local variable.

> new_groups = krealloc(mc_groups, nlen,
> GFP_KERNEL);
> - if (!new_groups)
> + if (!new_groups) {
> + kfree(mc_groups);
> return -ENOMEM;
> + }

How did you test this? AFAICS this results in use-after-free for every
access to mc_groups after this error path is taken.

Existing code looks correct, we can't grow mc_groups and return an
error.

Next message: Bryan O'Donoghue: "[PATCH v5 1/7] media: qcom: camss: Flag which VFEs require a power-domain"
Previous message: Xu Yilun: "Re: [RFC PATCH] fpga: remove module reference counting from core components"
In reply to: Kamil Duljas: "[PATCH] genetlink: Prevent memory leak when krealloc fail"
Next in thread: Kamil Duljas: "Re: [PATCH] genetlink: Prevent memory leak when krealloc fail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]