| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jun 2008 15:38:12 -0700
From: David Brownell <david-b@...bell.net>
To: Marcin Slusarz <marcin.slusarz@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
Daniel Marjamäki <danielm77@...ay.se>,
David Brownell <dbrownell@...rs.sourceforge.net>,
Greg Kroah-Hartman <gregkh@...e.de>
Subject: Re: [PATCH] USB: fix possible memory leak in pxa27x_udc
On Sunday 22 June 2008, Marcin Slusarz wrote:
> --- a/drivers/usb/gadget/pxa27x_udc.c
> +++ b/drivers/usb/gadget/pxa27x_udc.c
> @@ -650,8 +650,11 @@ pxa_ep_alloc_request(struct usb_ep *_ep, gfp_t gfp_flags)
> {
> struct pxa27x_request *req;
>
> + if (!_ep)
> + return NULL;
> +
Correct enough as it goes, except that it *can't* be null by virtue
of how it's called. See <include/linux/usb/gadget.h> for:
static inline struct usb_request *usb_ep_alloc_request(struct usb_ep *ep,
gfp_t gfp_flags)
{
return ep->ops->alloc_request(ep, gfp_flags);
}
If it were null it couldn't get here. A better fix would just
remove the null check here (and possibly elsewhere).
- Dave
> req = kzalloc(sizeof *req, gfp_flags);
> - if (!req || !_ep)
> + if (!req)
> return NULL;
>
> INIT_LIST_HEAD(&req->queue);
> --
> 1.5.4.5
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists