On Fri, 25 Nov 2022, Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx> wrote:
> On Fri, 25 Nov 2022, Xia Fukun <xiafukun@xxxxxxxxxx> wrote:
>> When (size != 0 || ptrs->lvds_ entries != 3), the program tries to
>> free() the ptrs. However, the ptrs is not created by calling kzmalloc(),
>> but is obtained by pointer offset operation.
>> This may lead to memory leaks or undefined behavior.
>
> Yeah probably worse things will happen than just leak.
>
>>
>> Fix this by replacing the arguments of kfree() with ptrs_block.
>>
>> Fixes: a87d0a847607 ("drm/i915/bios: Generate LFP data table pointers if the VBT lacks them")
>> Signed-off-by: Xia Fukun <xiafukun@xxxxxxxxxx>
>
> Reviewed-by: Jani Nikula <jani.nikula@xxxxxxxxx>
And pushed to drm-intel-next, thanks for the patch.
BR,
Jani.
>
>> ---
>> drivers/gpu/drm/i915/display/intel_bios.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c
>> index 28bdb936cd1f..edbdb949b6ce 100644
>> --- a/drivers/gpu/drm/i915/display/intel_bios.c
>> +++ b/drivers/gpu/drm/i915/display/intel_bios.c
>> @@ -414,7 +414,7 @@ static void *generate_lfp_data_ptrs(struct drm_i915_private *i915,
>> ptrs->lvds_entries++;
>>
>> if (size != 0 || ptrs->lvds_entries != 3) {
>> - kfree(ptrs);
>> + kfree(ptrs_block);
>> return NULL;
>> }
--
Jani Nikula, Intel Open Source Graphics Center
