tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

fbdev: fbcon: release buffer when fbcon_do_set_font() failed

syzbot is reporting memory leak at fbcon_do_set_font() [1], for
commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when
vc_resize() failed") missed that the buffer might be newly allocated
by fbcon_set_font().

Link: https://syzkaller.appspot.com/bug?extid=25bdb7b1703639abd498 [1]
Reported-by: syzbot <syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com>
Fixes: a5a923038d70 ("fbdev: fbcon: Properly revert changes when vc_resize() failed")
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Helge Deller <deller@gmx.de>

authored by

Tetsuo Handa and committed by
Helge Deller 3c3bfb85 b20a558d

+2 -1
+2 -1
drivers/video/fbdev/core/fbcon.c
··· 2450 2450 2451 2451 if (userfont) { 2452 2452 p->userfont = old_userfont; 2453 - REFCOUNT(data)--; 2453 + if (--REFCOUNT(data) == 0) 2454 + kfree(data - FONT_EXTRA_WORDS * sizeof(int)); 2454 2455 } 2455 2456 2456 2457 vc->vc_font.width = old_width;