Re: [PATCH 1/1] staging: check return value of dev_alloc_skb() against NULL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 28, 2013 at 01:08:19PM +0800, RUC_SoftSec wrote:
> Function dev_alloc_skb() may return a NULL pointer if there is no enough memory, it should be checked against NULL before used.
> This bug is found by a static analysis tool developed by RUC_SoftSec, supported by China.X.Orion.
> 
> Signed-off-by: RUC_SoftSec <rucsoftsec@xxxxxxxxx>
> ---
>  drivers/staging/rtl8192u/r819xU_firmware.c |    8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/staging/rtl8192u/r819xU_firmware.c b/drivers/staging/rtl8192u/r819xU_firmware.c
> index bb924ac..045e48c 100644
> --- a/drivers/staging/rtl8192u/r819xU_firmware.c
> +++ b/drivers/staging/rtl8192u/r819xU_firmware.c
> @@ -66,6 +66,10 @@ bool fw_download_code(struct net_device *dev, u8 *code_virtual_address, u32 buff
>  		#else
>  		skb  = dev_alloc_skb(frag_length + 4);
>  		#endif
> +		if (skb == NULL) {
> +			rt_status = false;
> +			break;
> +		}
>  		memcpy((unsigned char *)(skb->cb),&dev,sizeof(dev));
>  		tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
>  		tcb_desc->queue_index = TXCMD_QUEUE;
> @@ -124,6 +128,10 @@ fwSendNullPacket(
>  
>  	//Get TCB and local buffer from common pool. (It is shared by CmdQ, MgntQ, and USB coalesce DataQ)
>  	skb  = dev_alloc_skb(Length+ 4);
> +	if (skb == NULL) {
> +		rtStatus = false;
> +		return rtStatus;

Just do:

	if (!skb)
		return false;

regards,
dan carpenter

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel




[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux