]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-client.git/commitdiff
projects / ceph-client.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 239c151)
HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
authorGünther Noack <gnoack@google.com>
Thu, 19 Feb 2026 15:43:37 +0000 (16:43 +0100)
committerBenjamin Tissoires <bentiss@kernel.org>
Thu, 19 Feb 2026 17:57:38 +0000 (18:57 +0100)
The magicmouse_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Günther Noack <gnoack@google.com>
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
drivers/hid/hid-magicmouse.c patch | blob | history

diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
index 91f621ceb924bac591acfff685fd82c0e72029ed..17908d52c0274b96ea764e3d4f60b7be8ab76a84 100644 (file)
--- a/drivers/hid/hid-magicmouse.c
+++ b/drivers/hid/hid-magicmouse.c
@@ -994,9 +994,7 @@ static const __u8 *magicmouse_report_fixup(struct hid_device *hdev, __u8 *rdesc,
                hid_info(hdev,
                         "fixing up magicmouse battery report descriptor\n");
                *rsize = *rsize - 1;
-               rdesc = kmemdup(rdesc + 1, *rsize, GFP_KERNEL);
-               if (!rdesc)
-                       return NULL;
+               rdesc = rdesc + 1;
 
                rdesc[0] = 0x05;
                rdesc[1] = 0x01;
Unnamed repository; edit this file 'description' to name the repository.