[PATCH] fbdev: fbcon: release buffer when fbcon_do_set_font() failed
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Mon Dec 5 22:10:31 UTC 2022
syzbot is reporting memory leak at fbcon_do_set_font() [1], for
commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when
vc_resize() failed") missed that the buffer might be newly allocated
by fbcon_set_font().
Link: https://syzkaller.appspot.com/bug?extid=25bdb7b1703639abd498 [1]
Reported-by: syzbot <syzbot+25bdb7b1703639abd498 at syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+25bdb7b1703639abd498 at syzkaller.appspotmail.com>
Fixes: a5a923038d70 ("fbdev: fbcon: Properly revert changes when vc_resize() failed")
---
drivers/video/fbdev/core/fbcon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 098b62f7b701..8363f3b2b452 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -2450,7 +2450,8 @@ static int fbcon_do_set_font(struct vc_data *vc, int w, int h, int charcount,
if (userfont) {
p->userfont = old_userfont;
- REFCOUNT(data)--;
+ if (--REFCOUNT(data) == 0)
+ kfree(data - FONT_EXTRA_WORDS * sizeof(int));
}
vc->vc_font.width = old_width;
--
2.34.1
More information about the dri-devel
mailing list