Re: [PATCH] media: uvc_v4l2: fix possible memory leak in uvc_ioctl_ctrl_map

[Laurent Pinchart]

Hi Hangyu,

Thank you for the patch.

On Thu, Mar 24, 2022 at 04:17:18PM +0800, Hangyu Hua wrote:
> map->name needs to be freed when uvc_ioctl_ctrl_map fails.
> 
> Signed-off-by: Hangyu Hua <hbh25y@xxxxxxxxx>
> ---
>  drivers/media/usb/uvc/uvc_v4l2.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
> index 711556d13d03..e46a2f3b06cb 100644
> --- a/drivers/media/usb/uvc/uvc_v4l2.c
> +++ b/drivers/media/usb/uvc/uvc_v4l2.c
> @@ -93,6 +93,7 @@ static int uvc_ioctl_ctrl_map(struct uvc_video_chain *chain,
>  
>  	kfree(map->menu_info);
>  free_map:
> +	kfree(map->name);

The memory is actually freed in uvc_ctrl_cleanup_mappings() in the
non-error case. I think we could improve this by avoiding the kmemdup()
in this function, and duplicating the name in __uvc_ctrl_add_mapping()
instead. What do you think ?

>  	kfree(map);
>  
>  	return ret;

-- 
Regards,

Laurent Pinchart