Re: [patch] [media] em28xx-input: NULL dereference on error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 25 Sep 2014, Frank Schäfer wrote:

> Hi Dan,
>
> Am 25.09.2014 um 13:39 schrieb Dan Carpenter:
> > We call "kfree(ir->i2c_client);" in the error handling and that doesn't
> > work if "ir" is NULL.
> >
> > Fixes: 78e719a5f30b ('[media] em28xx-input: i2c IR decoders: improve i2c_client handling')
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> >
> > diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c
> > index 581f6da..23f8f6a 100644
> > --- a/drivers/media/usb/em28xx/em28xx-input.c
> > +++ b/drivers/media/usb/em28xx/em28xx-input.c
> > @@ -712,8 +712,10 @@ static int em28xx_ir_init(struct em28xx *dev)
> >  	em28xx_info("Registering input extension\n");
> >
> >  	ir = kzalloc(sizeof(*ir), GFP_KERNEL);
> > +	if (!ir)
> > +		return -ENOMEM;
> >  	rc = rc_allocate_device();
> > -	if (!ir || !rc)
> > +	if (!rc)
> >  		goto error;

I have never understood this kind of code.  If the kmalloc fails, why not
give up immediately (as in Dan's patch)?

julia


> >  	/* record handles to ourself */
> I would prefer to fix it where the actual problem is located.
> Can you send an updated version that changes the code to do
>
> ...
> error:
> if (ir)
>   kfree(ir->i2c_client);
> ...
>
> This makes the code less prone to future error handling changes.
>
> Thanks !
>
> Regards,
> Frank
>
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux