Function dev_alloc_skb() may return a NULL pointer when there is no enough memory, its return value should be checked before used.
This bug is found by a static analysis tool developed by RUC_SoftSec, supported by China.X.Orion.
Signed-off-by: RUC_SoftSec <rucsoftsec@xxxxxxxxx>
---
.../staging/rtl8192e/rtl8192e/r8192E_firmware.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c b/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c
index dd2a96b..baf15d7 100644
--- a/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c
+++ b/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c
@@ -61,6 +61,10 @@ static bool fw_download_code(struct net_device *dev, u8 *code_virtual_address,
}
skb = dev_alloc_skb(frag_length + 4);
+ if (skb == NULL) {
+ rt_status = true;
+ break;
+ }
memcpy((unsigned char *)(skb->cb), &dev, sizeof(dev));
tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
tcb_desc->queue_index = TXCMD_QUEUE;
--
1.7.9.5
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
