This is a note to let you know that I've just added the patch titled Input: atmel_mxt_ts - fix double free in mxt_read_info_block to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: input-atmel_mxt_ts-fix-double-free-in-mxt_read_info_block.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 12f247ab590a08856441efdbd351cf2cc8f60a2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jose.exposito89@xxxxxxxxx> Date: Sun, 12 Dec 2021 21:01:49 -0800 Subject: Input: atmel_mxt_ts - fix double free in mxt_read_info_block MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: José Expósito <jose.exposito89@xxxxxxxxx> commit 12f247ab590a08856441efdbd351cf2cc8f60a2d upstream. The "id_buf" buffer is stored in "data->raw_info_block" and freed by "mxt_free_object_table" in case of error. Return instead of jumping to avoid a double free. Addresses-Coverity-ID: 1474582 ("Double free") Fixes: 068bdb67ef74 ("Input: atmel_mxt_ts - fix the firmware update") Signed-off-by: José Expósito <jose.exposito89@xxxxxxxxx> Link: https://lore.kernel.org/r/20211212194257.68879-1-jose.exposito89@xxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/input/touchscreen/atmel_mxt_ts.c +++ b/drivers/input/touchscreen/atmel_mxt_ts.c @@ -1768,7 +1768,7 @@ static int mxt_read_info_block(struct mx if (error) { dev_err(&client->dev, "Error %d parsing object table\n", error); mxt_free_object_table(data); - goto err_free_mem; + return error; } data->object_table = (struct mxt_object *)(id_buf + MXT_OBJECT_START); Patches currently in stable-queue which might be from jose.exposito89@xxxxxxxxx are queue-4.14/input-atmel_mxt_ts-fix-double-free-in-mxt_read_info_block.patch queue-4.14/ib-qib-fix-memory-leak-in-qib_user_sdma_queue_pkts.patch