3.16.47-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Pan Bian <bianpan2016@xxxxxxx>
commit 8b20839988f1ed5e534b270f3776709b640dc7e0 upstream.
Function devm_kzalloc() will return a NULL pointer. However, in function
isp1704_charger_probe(), the return value of devm_kzalloc() is directly
used without validation. This may result in a bad memory access bug.
Fixes: 34a109610e2a ("isp1704_charger: Add DT support")
Signed-off-by: Pan Bian <bianpan2016@xxxxxxx>
Reviewed-by: Pali Rohár <pali.rohar@xxxxxxxxx>
Signed-off-by: Sebastian Reichel <sebastian.reichel@xxxxxxxxxxxxxxx>
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/power/isp1704_charger.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/power/isp1704_charger.c
+++ b/drivers/power/isp1704_charger.c
@@ -415,6 +415,10 @@ static int isp1704_charger_probe(struct
pdata = devm_kzalloc(&pdev->dev,
sizeof(struct isp1704_charger_data), GFP_KERNEL);
+ if (!pdata) {
+ ret = -ENOMEM;
+ goto fail0;
+ }
pdata->enable_gpio = gpio;
dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);