diff mbox series

[v2] media: gspca: Fix memory leak in probe

Message ID 20201202172004.GB1057740@rowland.harvard.edu (mailing list archive)
State Accepted
Commit e469d0b09a19496e1972a20974bbf55b728151eb
Headers show
Series [v2] media: gspca: Fix memory leak in probe | expand

Commit Message

Alan Stern Dec. 2, 2020, 5:20 p.m. UTC
The gspca driver leaks memory when a probe fails.  gspca_dev_probe2()
calls v4l2_device_register(), which takes a reference to the
underlying device node (in this case, a USB interface).  But the
failure pathway neglects to call v4l2_device_unregister(), the routine
responsible for dropping this reference.  Consequently the memory for
the USB interface and its device never gets released.

This patch adds the missing function call.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+44e64397bd81d5e84cba@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>

---

v2: Replace v4l2_device_disconnect() call with v4l2_device_unregister().


[as1949b]


 drivers/media/usb/gspca/gspca.c |    1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

Index: usb-devel/drivers/media/usb/gspca/gspca.c
===================================================================
--- usb-devel.orig/drivers/media/usb/gspca/gspca.c
+++ usb-devel/drivers/media/usb/gspca/gspca.c
@@ -1575,6 +1575,7 @@  out:
 		input_unregister_device(gspca_dev->input_dev);
 #endif
 	v4l2_ctrl_handler_free(gspca_dev->vdev.ctrl_handler);
+	v4l2_device_unregister(&gspca_dev->v4l2_dev);
 	kfree(gspca_dev->usb_buf);
 	kfree(gspca_dev);
 	return ret;