Package: acpi-call Version: 1.1.0-4 Static analysis with Coverity has picked up a memory leak in the acpi-call dkms driver.
In function acpi_proc_write() the call to parse_acpi_args() can return allocated buffers as pointed to by args even when the function returns null. Hence the kfree of args buffers needs to be done if args is not null no matter if method is null or not-null. Attached is a proposed fixed to go into debian/patches. Regards, Colin
Description: Fix memory leak on args parse_acpi_args can may have allocated args even when method is null Author: Colin Ian King <colin.k...@ubuntu.com> Origin: vendor, https://bugs.launchpad.net/ubuntu/+source/acpi-call/+bug/1829883 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/acpi-call/+bug/1829883 Last-Update: 2019-05-21 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: acpi-call-1.1.0/acpi_call.c =================================================================== --- acpi-call-1.1.0.orig/acpi_call.c +++ acpi-call-1.1.0/acpi_call.c @@ -282,14 +282,15 @@ static int acpi_proc_write( struct file input[len-1] = '\0'; method = parse_acpi_args(input, &nargs, &args); - if (method) { + if (method) do_acpi_call(method, nargs, args); - if (args) { - for (i=0; i<nargs; i++) - if (args[i].type == ACPI_TYPE_BUFFER) - kfree(args[i].buffer.pointer); - kfree(args); + + if (args) { + for (i=0; i<nargs; i++) { + if (args[i].type == ACPI_TYPE_BUFFER) + kfree(args[i].buffer.pointer); } + kfree(args); } return len;
