On Wed, 13 Mar 2019, Aditya Pakki wrote:
> Allocating memory via kcalloc for pba_to_lba and lba_to_pba can
> fail. The fix avoids a potential NULL pointer dereference.
>
> Signed-off-by: Aditya Pakki <pakki001@xxxxxxx>
> ---
> drivers/usb/storage/alauda.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c
> index 6b8edf6178df..41d979e70784 100644
> --- a/drivers/usb/storage/alauda.c
> +++ b/drivers/usb/storage/alauda.c
> @@ -438,6 +438,11 @@ static int alauda_init_media(struct us_data *us)
> MEDIA_INFO(us).pba_to_lba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
> MEDIA_INFO(us).lba_to_pba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
>
> + if (!MEDIA_INFO(us).pba_to_lba || !MEDIA_INFO(us).lba_to_pba) {
> + pr_warn("%s: Failed to allocate memory\n", __func__);
> + return USB_STOR_TRANSPORT_ERROR;
> + }
> +
> if (alauda_reset_media(us) != USB_STOR_XFER_GOOD)
> return USB_STOR_TRANSPORT_ERROR;
In fact this won't accomplish anything, because the return value from
alauda_init_media() isn't used. The driver appears to need more than
a single change.
Alan Stern
