i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr [Linux 4.14.129]

i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr [Linux 4.14.129]

This Linux kernel change "i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr" is included in the Linux 4.14.129 release. This change is authored by Yingjoe Chen <yingjoe.chen [at] mediatek.com> on Tue May 7 22:20:32 2019 +0800. The commit for this change in Linux stable tree is 8bf2a24 (patch) which is from upstream commit a0692f0. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream a0692f0.

i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr

[ Upstream commit a0692f0eef91354b62c2b4c94954536536be5425 ]

If I2C_M_RECV_LEN check failed, msgs[i].buf allocated by memdup_user
will not be freed. Pump index up so it will be freed.

Fixes: 838bfa6049fb ("i2c-dev: Add support for I2C_M_RECV_LEN")
Signed-off-by: Yingjoe Chen <[email protected]>
Signed-off-by: Wolfram Sang <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>

There is one line of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/i2c/i2c-dev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
index 00e8e67..eaa312b 100644
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -297,6 +297,7 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
                rdwr_pa[i].buf[0] < 1 ||
                rdwr_pa[i].len < rdwr_pa[i].buf[0] +
                         I2C_SMBUS_BLOCK_MAX) {
+               i++;
                res = -EINVAL;
                break;
            }

Leave a Reply

Your email address will not be published. Required fields are marked *