public inbox for drm-ai-reviews@public-inbox.freedesktop.org
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: fbdev: sm501fb: fix potential memory leak in sm501fb_probe()
Date: Sat, 16 May 2026 11:10:43 +1000
Message-ID: <review-patch14-20260514-fbdev-v1-14-b3a2474fa720@cse.iitm.ac.in>
In-Reply-To: <20260514-fbdev-v1-14-b3a2474fa720@cse.iitm.ac.in>

Patch Review

**Status: Needs revision — potential double-free**

```c
 err_alloc:
+#if defined(CONFIG_OF)
+	kfree(info->edid_data);
+#endif
 	kfree(info);
```
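
Review bot: The `kfree(info->edid_data)` added at `err_alloc` leaves the pointer untouched and nothing in the hunk shows that every path reaching this label still owns the buffer; if any callee earlier in probe has already freed `edid_data` without clearing it, this line frees the same allocation a second time. Suggest clearing the pointer at every site that frees it (`info->edid_data = NULL;`) before adding this call. The `#if defined(CONFIG_OF)` guard around a single `kfree()` also adds preprocessor noise to the unwind path; if the field exists in all configurations, drop the guard, since `kfree(NULL)` does nothing.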

I verified in the source tree that `info->edid_data` is allocated via `kmemdup()` under `#if defined(CONFIG_OF)` in `sm501fb_probe()`. However, I found a critical issue:

**`sm501fb_init_fb()` (called from `sm501fb_start()`) already frees `info->edid_data` in certain code paths without setting it to NULL:**

```c
if (info->edid_data) {
    ret = fb_find_mode(...);
    kfree(info->edid_data);
    /* edid_data is NOT set to NULL here! */
}
```

If `sm501fb_start()` succeeds (calling `sm501fb_init_fb()` which frees `edid_data`), but a later step like `register_framebuffer()` fails, the error path goes through `err_started` → `err_probed_panel` → `err_probed_crt` → `err_alloc`, which would call `kfree(info->edid_data)` on an already-freed pointer — a **double-free bug**.

**Recommended fix:** Either:
1. Add `info->edid_data = NULL` after the `kfree()` in `sm501fb_init_fb()` as a separate preparatory patch, or
2. Use the `kfree(info->edid_data); info->edid_data = NULL;` pattern here and in `sm501fb_init_fb()`.

Also, the `#if defined(CONFIG_OF)` guard is unnecessary since `edid_data` is unconditionally defined in `struct sm501fb_info` and `kfree(NULL)` is a no-op. Removing the guard would be cleaner.

---
Generated by Claude Code Patch Reviewer
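
The error-path sequence described in the review above, as an added example that is not part of the original message or of the sm501fb driver: a userspace C model that counts repeated releases of the same address instead of performing them. `struct info_model`, `model_kfree()`, `model_init_fb()` and `model_probe()` are hypothetical names, and the 128-byte buffer is a constructed stand-in for the EDID copy.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver's info structure. */
struct info_model { void *edid_data; };

static void *released[4];          /* addresses already handed to model_kfree() */
static int n_released, double_frees;

/* Models kfree(): NULL is a no-op; a repeated address is counted, not freed.
 * The real free() is deferred to model_probe() so addresses stay comparable. */
static void model_kfree(void *p)
{
	if (!p)
		return;
	for (int i = 0; i < n_released; i++) {
		if (released[i] == p) {
			double_frees++;
			return;
		}
	}
	released[n_released++] = p;
}

/* Models the init step the review describes: frees the EDID copy and,
 * only when clear_ptr is set, resets the pointer afterwards. */
static void model_init_fb(struct info_model *info, int clear_ptr)
{
	if (info->edid_data) {
		model_kfree(info->edid_data);
		if (clear_ptr)
			info->edid_data = NULL;
	}
}

/* Models probe with the patched err_alloc; returns double frees observed. */
int model_probe(int register_fails, int clear_ptr)
{
	struct info_model info = { .edid_data = malloc(128) };
	void *backing = info.edid_data;

	n_released = double_frees = 0;
	model_init_fb(&info, clear_ptr);
	if (register_fails)
		model_kfree(info.edid_data);   /* kfree() added at err_alloc */
	free(backing);
	return double_frees;
}

int main(void)
{
	printf("stale pointer:   %d double free(s)\n", model_probe(1, 0));
	printf("pointer cleared: %d double free(s)\n", model_probe(1, 1));
	return 0;
}
```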

Thread overview: 35+ messages
2026-05-14  8:24 [PATCH 00/14] fbdev: fix various memory leaks Abdun Nihaal
2026-05-14  8:24 ` [PATCH 01/14] fbdev: hecubafb: fix potential memory leak in hecubafb_probe() Abdun Nihaal
2026-05-15  7:57   ` Thomas Zimmermann
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 02/14] fbdev: broadsheetfb: fix potential memory leak in broadsheetfb_probe() Abdun Nihaal
2026-05-15  7:56   ` Thomas Zimmermann
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 03/14] fbdev: metronomefb: fix potential memory leak in metronomefb_probe() Abdun Nihaal
2026-05-15  7:18   ` Thomas Zimmermann
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 04/14] fbdev: radeon: fix potential memory leak in radeonfb_pci_register() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 05/14] fbdev: carminefb: fix potential memory leak in alloc_carmine_fb() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 06/14] fbdev: i740fb: fix potential memory leak in i740fb_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 07/14] fbdev: nvidia: fix potential memory leak in nvidiafb_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 08/14] fbdev: s3fb: fix potential memory leak in s3_pci_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 09/14] fbdev: tdfxfb: fix potential memory leak in tdfxfb_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 10/14] fbdev: tridentfb: fix potential memory leak in trident_pci_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 11/14] fbdev: uvesafb: fix potential memory leak in uvesafb_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 12/14] fbdev: efifb: fix memory leak in efifb_probe() Abdun Nihaal
2026-05-15  7:16   ` Thomas Zimmermann
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 13/14] fbdev: vesafb: fix memory leak in vesafb_probe() Abdun Nihaal
2026-05-15  7:17   ` Thomas Zimmermann
2026-05-16  1:10   ` Claude review: " Claude Code Review Bot
2026-05-14  8:24 ` [PATCH 14/14] fbdev: sm501fb: fix potential memory leak in sm501fb_probe() Abdun Nihaal
2026-05-16  1:10   ` Claude Code Review Bot [this message]
2026-05-16  1:10 ` Claude review: fbdev: fix various memory leaks Claude Code Review Bot
