From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> Date: Sun, 31 Dec 2023 10:26:25 +0100 The kfree() function was called in one case by the relay_create_buf() function during error handling even if the passed data structure member contained a null pointer. This issue was detected by using the Coccinelle software. Thus use another label. Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> --- kernel/relay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/relay.c b/kernel/relay.c index a8e90e98bf2c..b8c06305213d 100644 --- a/kernel/relay.c +++ b/kernel/relay.c @@ -161,14 +161,15 @@ static struct rchan_buf *relay_create_buf(struct rchan *chan) buf->start = relay_alloc_buf(buf, &chan->alloc_size); if (!buf->start) - goto free_buf; + goto free_padding; buf->chan = chan; kref_get(&buf->chan->kref); return buf; -free_buf: +free_padding: kfree(buf->padding); +free_buf: kfree(buf); return NULL; } -- 2.43.0
