From: Masahiro Yamada masahiroy@kernel.org
[ Upstream commit f72ed4c6a375e52a3f4b75615e4a89d29d8acea7 ]
If gtk_tree_model_get_iter() fails, gtk_tree_path_free() is not called.
Signed-off-by: Masahiro Yamada masahiroy@kernel.org Acked-by: Randy Dunlap rdunlap@infradead.org Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
Based on my analysis of the commit and examination of the code, here is my assessment:
**Backport Status: YES**
## Extensive Analysis:
### 1. **Nature of the Bug** The commit fixes a clear memory leak in the `renderer_edited()` function in scripts/kconfig/gconf.c. The function allocates a GtkTreePath object using `gtk_tree_path_new_from_string()` at line 782, but if `gtk_tree_model_get_iter()` fails on line 788, the function returns early without calling `gtk_tree_path_free()`, causing a memory leak.
### 2. **Bug Impact** - **Resource leak**: Every time a user attempts to edit a value in the GTK-based kernel configuration tool (gconfig) and the operation fails to get the iterator, memory is leaked. - **User-facing impact**: While gconfig is not used by all kernel users, those who do use it for configuring the kernel could experience memory leaks during interactive configuration sessions. - **Accumulation potential**: In a long configuration session with multiple failed edits, these leaks could accumulate.
### 3. **Fix Analysis** The fix is minimal and straightforward: - Changes the early `return` to a `goto free` statement - Adds a `free:` label before the existing `gtk_tree_path_free(path)` call - This ensures the allocated path is always freed, whether the function succeeds or fails
### 4. **Risk Assessment** - **Minimal risk**: The change only affects the error path and ensures proper cleanup - **No functional changes**: The fix doesn't alter any program logic, it only adds proper resource cleanup - **Well-contained**: The change is limited to a single function in the gconfig tool - **Standard pattern**: Using goto for cleanup is a common and accepted pattern in kernel code
### 5. **Stable Tree Criteria Compliance** The commit meets stable tree requirements: - ✓ Fixes a real bug (memory leak) - ✓ Small and contained (2 lines changed) - ✓ No new features or architectural changes - ✓ Clear and obvious correctness - ✓ Minimal regression risk
### 6. **Historical Context** Looking at the git history, there have been multiple memory leak fixes in the kconfig subsystem (e.g., commits a409fc1463d6, ae1eff0349f2, fbac5977d81c), indicating this is an area where such fixes are considered important and regularly backported.
### 7. **Code Pattern Analysis** Examining other uses of `gtk_tree_model_get_iter()` in the same file shows that other call sites don't have this issue because they either: - Don't allocate resources before the call (lines 902, 962, 1015) - Or are in different contexts where the path is managed differently
This makes the fix in `renderer_edited()` particularly important as it's the only place with this specific leak pattern.
The commit should be backported to stable kernels to ensure users of the gconfig tool don't experience memory leaks during kernel configuration sessions.
scripts/kconfig/gconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/kconfig/gconf.c b/scripts/kconfig/gconf.c index abe4cfe66b14..0caf0ced13df 100644 --- a/scripts/kconfig/gconf.c +++ b/scripts/kconfig/gconf.c @@ -748,7 +748,7 @@ static void renderer_edited(GtkCellRendererText * cell, struct symbol *sym;
if (!gtk_tree_model_get_iter(model2, &iter, path)) - return; + goto free;
gtk_tree_model_get(model2, &iter, COL_MENU, &menu, -1); sym = menu->sym; @@ -760,6 +760,7 @@ static void renderer_edited(GtkCellRendererText * cell,
update_tree(&rootmenu, NULL);
+free: gtk_tree_path_free(path); }