On Fri, 7 Apr 2017, Alyssa Rosenzweig wrote:
> diff --git a/drivers/hid/hid-topaz.c b/drivers/hid/hid-topaz.c
> new file mode 100644
> index 000000000000..92a8f34a367f
> --- /dev/null
> +++ b/drivers/hid/hid-topaz.c
[ ... snip ... ]
> +static int topaz_send(struct hid_device *dev, u8 *packet, size_t sz)
> +{
> + int ret;
> +
> + u8 *buf = kmemdup(packet, sz, GFP_KERNEL);
> +
> + if (!buf)
> + return -ENOMEM;
> +
> + if (!dev->ll_driver->output_report)
> + return -ENODEV;
Memory pointed to by *buf is leaked here.
> +static int topazfb_probe(struct hid_device *dev)
> +{
> + struct fb_info *info;
> + struct topazfb_par *par;
> +
> + info = framebuffer_alloc(sizeof(struct topazfb_par), NULL);
> +
> + par = info->par;
> + par->hid = dev;
> +
> + info->fbops = &topazfb_ops;
> + info->fix = topazfb_fix;
> + info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_IMAGEBLIT
> + | FBINFO_HWACCEL_FILLRECT;
> +
> + /* this is only a pseudo frame buffer device */
> + info->screen_base = NULL;
> + info->screen_size = 0;
> +
> + /* LBK766 is 320x240; other models may differ */
> + info->var.xres = 320;
> + info->var.yres = 240;
> +
> + info->var.bits_per_pixel = 1;
> + info->var.grayscale = 1;
> + info->var.red.offset = 0;
> + info->var.red.length = 1;
> + info->var.green.offset = 0;
> + info->var.green.length = 1;
> + info->var.blue.offset = 0;
> + info->var.blue.length = 1;
> + info->var.transp.offset = 0;
> + info->var.transp.length = 1;
> +
> + if (register_framebuffer(info) < 0)
> + return -EINVAL;
Another leak (*info) here?
[ ... snip ... ]
> +static const struct hid_device_id topaz_devices[] = {
> + { HID_USB_DEVICE(USB_VENDOR_ID_TOPAZ, USB_DEVICE_ID_TOPAZ_LBK766) },
> + { }
> +};
You have to add this to hid_have_special_driver[] as well
Thanks,
--
Jiri Kosina
SUSE Labs
