]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b3e458)
HID: apple: avoid memory leak in apple_report_fixup()
authorGünther Noack <gnoack@google.com>
Thu, 19 Feb 2026 15:43:36 +0000 (16:43 +0100)
committerBenjamin Tissoires <bentiss@kernel.org>
Thu, 19 Feb 2026 17:57:38 +0000 (18:57 +0100)
The apple_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Günther Noack <gnoack@google.com>
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
drivers/hid/hid-apple.c patch | blob | blame | history

diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c
index 233e367cce1d12a4a0a6935c65fc164220c3d058..894adc23367b7b1fd3954b3f27991b7b59d4d4aa 100644 (file)
--- a/drivers/hid/hid-apple.c
+++ b/drivers/hid/hid-apple.c
@@ -686,9 +686,7 @@ static const __u8 *apple_report_fixup(struct hid_device *hdev, __u8 *rdesc,
                hid_info(hdev,
                         "fixing up Magic Keyboard battery report descriptor\n");
                *rsize = *rsize - 1;
-               rdesc = kmemdup(rdesc + 1, *rsize, GFP_KERNEL);
-               if (!rdesc)
-                       return NULL;
+               rdesc = rdesc + 1;
 
                rdesc[0] = 0x05;
                rdesc[1] = 0x01;
A mirror of Linus' kernel repository