Re: [PATCH v2] staging: vt6655: check for memory allocation failures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 2018/3/29 15:22, Ji-Hun Kim wrote:
There are no null pointer checking on rd_info and td_info values which
are allocated by kzalloc. It has potential null pointer dereferencing
issues. Add return when allocation is failed.

Signed-off-by: Ji-Hun Kim <ji_hun.kim@xxxxxxxxxxx>
---

Change: since v1:

- Delete WARN_ON which can makes crashes on some machines.
- Instead of return directly, goto freeing function for freeing previously
   allocated memory in the for loop after kzalloc() failed.
- In the freeing function, if td_info and rd_info are not allocated, no
   needs to free.

  drivers/staging/vt6655/device_main.c | 64 +++++++++++++++++++++++++-----------
  1 file changed, 44 insertions(+), 20 deletions(-)

diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index fbc4bc6..ecbba43 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv)
  	     i ++, curr += sizeof(struct vnt_rx_desc)) {
  		desc = &priv->aRD0Ring[i];
  		desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL);
-
+		if (!desc->rd_info)
+			goto error;
  		if (!device_alloc_rx_buf(priv, desc))
  			dev_err(&priv->pcid->dev, "can not alloc rx bufs\n");
@@ -550,6 +551,10 @@ static void device_init_rd0_ring(struct vnt_private *priv)
  	if (i > 0)
  		priv->aRD0Ring[i-1].next_desc = cpu_to_le32(priv->rd0_pool_dma);
  	priv->pCurrRD[0] = &priv->aRD0Ring[0];
+
+	return;
+error:
+	device_free_rd0_ring(priv);
  }

I think you should return an error number here, because device_init_rd0_ring() is called by vnt_start(). You should also implement error handling code in vnt_start(), and let vnt_start() returns an error number too. The same for device_init_rd1_ring(), device_init_td0_ring() and device_init_td1_ring().


Best wishes,
Jia-Ju Bai
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux