> I agree with you, kmemdup may fail so a null check seems necessary there. Would this place (and similar ones) be pointed out for further considerations also by the source code analysis tool which your software research group seems to be developing? https://github.com/umnsec/cheq/ Regards, Markus