i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr

BugLink: https://bugs.launchpad.net/bugs/1836666 [ Upstream commit a0692f0e ] If I2C_M_RECV_LEN check failed, msgs[i].buf allocated by memdup_user will not be freed. Pump index up so it will be freed. Fixes: 838bfa60 ("i2c-dev: Add support for I2C_M_RECV_LEN") Signed-off-by: Yingjoe Chen <yingjoe.chen@mediatek.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
BugLink: https://bugs.launchpad.net/bugs/1836666 [ Upstream commit a0692f0e ] If I2C_M_RECV_LEN check failed, msgs[i].buf allocated by memdup_user will not be freed. Pump index up so it will be freed. Fixes: 838bfa60 ("i2c-dev: Add support for I2C_M_RECV_LEN") Signed-off-by: Yingjoe Chen <yingjoe.chen@mediatek.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
eccdf7ad · Yingjoe Chen · Stefan Bader · 087ecf3f · eccdf7ad
Commit eccdf7ad authored May 07, 2019 by Yingjoe Chen Committed by Stefan Bader Jul 23, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/i2c/i2c-dev.c drivers/i2c/i2c-dev.c +1 -0

No files found.
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -295,6 +295,7 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
 			    rdwr_pa[i].buf[0] < 1 ||
 			    rdwr_pa[i].len < rdwr_pa[i].buf[0] +
 					     I2C_SMBUS_BLOCK_MAX) {
+				i++;
 				res = -EINVAL;
 				break;
 			}