From: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx> _r8712_init_xmit_priv() or _r8712_init_recv_priv() returns -ENOMEM when some allocations inside it failed. However, the caller, i.e., r8712_init_drv_sw(), does not properly validate their return status, which may lead to potential wrong memory access in the future. Therefore, this patch adds two validation check for their return status and properly jump to the corresponding error hanlding code if failures happen. Signed-off-by: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx> --- ChangeLog: v1->v2 adjust the sequence of patches in this series. v2->v3 update the description. drivers/staging/rtl8712/os_intfs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c index 1f7ccec..0dbf8c2 100644 --- a/drivers/staging/rtl8712/os_intfs.c +++ b/drivers/staging/rtl8712/os_intfs.c @@ -308,8 +308,12 @@ int r8712_init_drv_sw(struct _adapter *padapter) ret = r8712_init_mlme_priv(padapter); if (ret) goto free_evt_priv; - _r8712_init_xmit_priv(&padapter->xmitpriv, padapter); - _r8712_init_recv_priv(&padapter->recvpriv, padapter); + ret = _r8712_init_xmit_priv(&padapter->xmitpriv, padapter); + if (ret) + goto free_mlme_priv; + ret = _r8712_init_recv_priv(&padapter->recvpriv, padapter); + if (ret) + goto free_xmit_priv; memset((unsigned char *)&padapter->securitypriv, 0, sizeof(struct security_priv)); timer_setup(&padapter->securitypriv.tkip_timer, --
