[PATCH 1/1] staging: Add NULL checks to return value of skb_clone() and dev_alloc_skb()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Function skb_clone() and dev_alloc_skb() may return NULL pointers if there is no enough memroy, their return values should be checked against NULL before used.
This bug is found by a static tool developed by RUC_SoftSec, supported by China.X.Orion.

Signed-off-by: RUC_SoftSec <rucsoftsec@xxxxxxxxx>
---
 drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
index 59900bf..9162151 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c
@@ -848,11 +848,19 @@ u8 parse_subframe(struct sk_buff *skb,
 
 #ifdef JOHN_NOCPY
 			sub_skb = skb_clone(skb, GFP_ATOMIC);
+			if (sub_skb == NULL) {
+				printk("ERR in %s(), skb_clone() failed\n", __FUNCTION__);
+				return 0;
+			}
 			sub_skb->len = nSubframe_Length;
 			sub_skb->tail = sub_skb->data + nSubframe_Length;
 #else
 			/* Allocate new skb for releasing to upper layer */
 			sub_skb = dev_alloc_skb(nSubframe_Length + 12);
+			if (sub_skb == NULL) {
+				printk("ERR in %s(), dev_alloc_skb() failed\n", __FUNCTION__);
+				return 0;
+			}
 			skb_reserve(sub_skb, 12);
 			data_ptr = (u8 *)skb_put(sub_skb, nSubframe_Length);
 			memcpy(data_ptr,skb->data,nSubframe_Length);
-- 
1.7.9.5

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel




[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux