Commit 91e8c6e6 authored Feb 19, 2026 by Günther Noack Committed by Benjamin Tissoires Feb 19, 2026

HID: magicmouse: avoid memory leak in magicmouse_report_fixup()



The magicmouse_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

Assisted-by: Gemini-CLI:Google Gemini 3
Signed-off-by: Günther Noack <gnoack@google.com>
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>

parent 239c1511

drivers/hid/hid-magicmouse.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -994,9 +994,7 @@ static const __u8 magicmouse_report_fixup(struct hid_device hdev, __u8 *rdesc,
		hid_info(hdev,
		"fixing up magicmouse battery report descriptor\n");
		rsize = rsize - 1;
		rdesc = kmemdup(rdesc + 1, *rsize, GFP_KERNEL);
		if (!rdesc)
		return NULL;
		rdesc = rdesc + 1;

		rdesc[0] = 0x05;
		rdesc[1] = 0x01;