Followup to "nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION" #cip


Hi all,
I noticed that the mentioned patch ( made it into various CIP branches, e.g. linux-4.4.y-st.
It fixes potential OOB writes.
However it also introduces memory leaks due to the new return statements leaking the allocated `transaction`, i.e. it misses a `devm_kfree(dev, transaction);` in those cases.
Furthermore there is also a logic error and potential OOB read issues which are fixed in various Android kernel forks. See e.g.

I haven't found patches for that in the upstream kernels and I do not know the policy regarding such issues / not-yet-upstream patches.
Anyway, those issues exist and at least for some there are patches and adding the missing devm_kfree is trivial, so I wanted to make you aware of that.
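Added illustration, not code from the patch, the CIP trees or the Android forks: a user-space C sketch of the two error-path styles the mail contrasts. It assumes the EVT_TRANSACTION layout from ETSI TS 102 622 (AID under tag 0x81 with 5 to 16 bytes, PARAMETERS under tag 0x82 with 0 to 255 bytes), replaces devm_kzalloc()/devm_kfree() with counting stand-ins so a leak becomes measurable, and uses hypothetical names (parse_transaction_leaky, parse_transaction_fixed, deliver_transaction, EVT_*). The leaky variant returns straight out of a check that runs after the allocation; the fixed variant checks each offset against the received length before reading it and routes every post-allocation failure through a single freeing exit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout assumed for the event (ETSI TS 102 622 EVT_TRANSACTION):
 *   AID        tag 0x81, length 5..16
 *   PARAMETERS tag 0x82, length 0..255 */
#define AID_TAG     0x81
#define PARAMS_TAG  0x82
#define MIN_AID_LEN 5
#define MAX_AID_LEN 16

struct evt_transaction {
    uint8_t aid_len;
    uint8_t aid[MAX_AID_LEN];
    uint8_t params_len;
    uint8_t params[];               /* sized at allocation time */
};

/* Stand-ins for devm_kzalloc()/devm_kfree(); the counter exposes leaks. */
int live_allocs;

static void *devm_kzalloc_stub(size_t n)
{
    void *p = calloc(1, n ? n : 1);
    if (p)
        live_allocs++;
    return p;
}

static void devm_kfree_stub(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Stand-in for handing the parsed event to the NFC core. */
static int deliver_transaction(const struct evt_transaction *t)
{
    return t->aid_len ? 0 : -1;
}

/* The pattern the mail describes: a bounds check placed after the
 * allocation returns directly, so every rejected event leaks one
 * allocation (and aid_len is never checked against len before the copy). */
int parse_transaction_leaky(const uint8_t *data, size_t len)
{
    struct evt_transaction *t;

    if (len < MIN_AID_LEN + 2 || data[0] != AID_TAG)
        return -1;
    t = devm_kzalloc_stub(len - 2);
    if (!t)
        return -2;
    t->aid_len = data[1];
    if (t->aid_len > MAX_AID_LEN)
        return -3;                  /* bug: t is never freed */
    memcpy(t->aid, &data[2], t->aid_len);
    /* ... PARAMETERS would be parsed and the event delivered here ... */
    devm_kfree_stub(t);
    return 0;
}

/* Hardened form: every index is compared with len before it is read,
 * checks that need no buffer precede the allocation, and all later
 * failures leave through one exit that frees. Returns the PARAMETERS
 * length on success, a negative value on error, and never leaks. */
int parse_transaction_fixed(const uint8_t *data, size_t len)
{
    struct evt_transaction *t;
    size_t aid_len, params_len, off;
    int rc;

    if (len < 2 || data[0] != AID_TAG)          /* need tag + length byte */
        return -1;
    aid_len = data[1];
    if (aid_len < MIN_AID_LEN || aid_len > MAX_AID_LEN || 2 + aid_len > len)
        return -2;

    t = devm_kzalloc_stub(sizeof(*t) + len);    /* len bounds params_len */
    if (!t)
        return -3;
    t->aid_len = (uint8_t)aid_len;
    memcpy(t->aid, &data[2], aid_len);

    off = 2 + aid_len;                          /* PARAMETERS tag position */
    if (off + 2 > len || data[off] != PARAMS_TAG) {
        rc = -4;
        goto out_free;
    }
    params_len = data[off + 1];
    if (off + 2 + params_len > len) {           /* declared > received */
        rc = -5;
        goto out_free;
    }
    t->params_len = (uint8_t)params_len;
    memcpy(t->params, &data[off + 2], params_len);

    rc = deliver_transaction(t);
    if (rc == 0)
        rc = (int)params_len;
out_free:
    devm_kfree_stub(t);                         /* single exit: no leak */
    return rc;
}

/* Constructed sample events (not captured from a device). */
const uint8_t EVT_OK[]      = {0x81, 0x05, 0xA0, 0x00, 0x00, 0x00, 0x62,
                               0x82, 0x02, 0x01, 0x02};
const uint8_t EVT_BAD_AID[] = {0x81, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00};
const uint8_t EVT_TRUNC[]   = {0x81, 0x05, 0xA0, 0x00, 0x00, 0x00, 0x62,
                               0x82, 0x10, 0x01};

int main(void)
{
    int rc = parse_transaction_fixed(EVT_OK, sizeof EVT_OK);
    printf("fixed ok:    rc=%d live=%d\n", rc, live_allocs);
    rc = parse_transaction_fixed(EVT_TRUNC, sizeof EVT_TRUNC);
    printf("fixed trunc: rc=%d live=%d\n", rc, live_allocs);
    rc = parse_transaction_leaky(EVT_BAD_AID, sizeof EVT_BAD_AID);
    printf("leaky bad:   rc=%d live=%d\n", rc, live_allocs);
    return 0;
}
```

Running it shows live=0 after both fixed calls and live=1 after the leaky one, which is the observable difference a reviewer wants when judging whether a backported bounds-check patch needs the accompanying devm_kfree on each new return.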

