From: Abdun Nihaal Date: Sun, 29 Jun 2025 14:40:10 +0000 (+0530) Subject: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=505bffe2123323af1e9122583aafeb3a0700bf9c;p=thirdparty%2Flinux.git staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() After commit 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct"), fb_deferred_io_init() allocates memory for info->pagerefs as well as return an error code on failure. However the error code is ignored here and the memory allocated could leak because of not calling fb_deferred_io_cleanup() on the error path. Fix them by adding the cleanup function on the error path, and handling the error code returned by fb_deferred_io_init(). Fixes: 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct") Signed-off-by: Abdun Nihaal Reviewed-by: Dan Carpenter Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/fd2be49cfef72799f17a96d01a4c6b92770cda7d.1751207100.git.abdun.nihaal@gmail.com Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index 39bced4000650..d920164e7710b 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -612,7 +612,8 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, info->fix.line_length = width * bpp / 8; info->fix.accel = FB_ACCEL_NONE; info->fix.smem_len = vmem_size; - fb_deferred_io_init(info); + if (fb_deferred_io_init(info)) + goto release_framebuf; info->var.rotate = pdata->rotate; info->var.xres = width; @@ -652,7 +653,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, if (par->gamma.curves && gamma) { if (fbtft_gamma_parse_str(par, par->gamma.curves, gamma, strlen(gamma))) - goto release_framebuf; + goto cleanup_deferred; } /* Transmit buffer */ @@ -669,7 +670,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, if (txbuflen > 0) { txbuf = devm_kzalloc(par->info->device, txbuflen, GFP_KERNEL); if (!txbuf) - goto release_framebuf; + goto cleanup_deferred; par->txbuf.buf = txbuf; par->txbuf.len = txbuflen; } @@ -691,6 +692,8 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, return info; +cleanup_deferred: + fb_deferred_io_cleanup(info); release_framebuf: fb_deferred_io_cleanup(info); framebuffer_release(info);