Commit 239c1511 authored Feb 19, 2026 by Günther Noack Committed by Benjamin Tissoires Feb 19, 2026

HID: apple: avoid memory leak in apple_report_fixup()



The apple_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Günther Noack <gnoack@google.com>
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>

parent 6b3e4588

drivers/hid/hid-apple.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -686,9 +686,7 @@ static const __u8 apple_report_fixup(struct hid_device hdev, __u8 *rdesc,
		hid_info(hdev,
		"fixing up Magic Keyboard battery report descriptor\n");
		rsize = rsize - 1;
		rdesc = kmemdup(rdesc + 1, *rsize, GFP_KERNEL);
		if (!rdesc)
		return NULL;
		rdesc = rdesc + 1;

		rdesc[0] = 0x05;
		rdesc[1] = 0x01;