On Fri, 25 Nov 2022, Xia Fukun <xiafukun@xxxxxxxxxx> wrote: > When (size != 0 || ptrs->lvds_ entries != 3), the program tries to > free() the ptrs. However, the ptrs is not created by calling kzmalloc(), > but is obtained by pointer offset operation. > This may lead to memory leaks or undefined behavior. Yeah probably worse things will happen than just leak. > > Fix this by replacing the arguments of kfree() with ptrs_block. > > Fixes: a87d0a847607 ("drm/i915/bios: Generate LFP data table pointers if the VBT lacks them") > Signed-off-by: Xia Fukun <xiafukun@xxxxxxxxxx> Reviewed-by: Jani Nikula <jani.nikula@xxxxxxxxx> > --- > drivers/gpu/drm/i915/display/intel_bios.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c > index 28bdb936cd1f..edbdb949b6ce 100644 > --- a/drivers/gpu/drm/i915/display/intel_bios.c > +++ b/drivers/gpu/drm/i915/display/intel_bios.c > @@ -414,7 +414,7 @@ static void *generate_lfp_data_ptrs(struct drm_i915_private *i915, > ptrs->lvds_entries++; > > if (size != 0 || ptrs->lvds_entries != 3) { > - kfree(ptrs); > + kfree(ptrs_block); > return NULL; > } -- Jani Nikula, Intel Open Source Graphics Center