From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/vc4: fix krealloc() memory leak
Date: Wed, 27 May 2026 14:21:19 +1000
Message-ID: <review-patch1-20260526184105.18962-5-grandmaster@al2klimov.de>
In-Reply-To: <20260526184105.18962-5-grandmaster@al2klimov.de>
References: <20260526184105.18962-5-grandmaster@al2klimov.de> <20260526184105.18962-5-grandmaster@al2klimov.de>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

**Correctness: Good.** The fix correctly addresses a real memory leak. In t=
he original code:

```c
validated_shader->uniform_addr_offsets =3D
    krealloc(validated_shader->uniform_addr_offsets,
             (o + 1) *
             sizeof(*validated_shader->uniform_addr_offsets),
             GFP_KERNEL);
if (!validated_shader->uniform_addr_offsets)
    return false;
```

If `krealloc()` returns NULL, the original allocation pointed to by `unifor=
m_addr_offsets` is leaked because the pointer is overwritten before the NUL=
L check. The caller chain eventually calls `kfree(validated_shader->uniform=
_addr_offsets)` in the cleanup paths (`vc4_validate_shaders.c:951`, `vc4_bo=
.c:176`, `vc4_bo.c:585`), but since `uniform_addr_offsets` is now NULL, the=
 free is a no-op and the original memory leaks.

**Fix approach:** The fix uses a `void *mem` temporary variable and only as=
signs to `validated_shader->uniform_addr_offsets` after confirming non-NULL:

```c
void *mem =3D krealloc(validated_shader->uniform_addr_offsets,
                     (o + 1) *
                     sizeof(*validated_shader->uniform_addr_offsets),
                     GFP_KERNEL);
if (!mem)
    return false;

validated_shader->uniform_addr_offsets =3D mem;
```

This preserves the original pointer on failure so the existing cleanup path=
s can properly free it.

**Minor style observation:** The temporary is typed `void *` rather than `u=
int32_t *` (the actual type of `uniform_addr_offsets` as seen in `vc4_drv.h=
:858`). This works correctly since C allows implicit conversion from `void =
*`, and it's idiomatic for krealloc wrappers. However, using `uint32_t *mem=
` would be slightly more type-safe and avoid the implicit cast. This is a m=
atter of taste and not a blocker =E2=80=94 the series likely uses `void *` =
consistently across all patches for the same krealloc pattern.

**Fixes tag:** Correctly references commit `6d45c81d229d ("drm/vc4: Add sup=
port for branching in shader validation.")` which introduced this code.

**Scope:** The change is minimal and precisely scoped =E2=80=94 only the 6 =
lines around the krealloc call are modified, with no functional change on t=
he success path.

**Recommendation: Patch is correct. Apply as-is.**

---
Generated by Claude Code Patch Reviewer