[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 06 Jul 2017 23:35:57 -0500
From: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To: Peter Rosin <peda@...ntia.se>
Cc: Jonathan Cameron <jic23@...nel.org>,
Hartmut Knaack <knaack.h@....de>,
Lars-Peter Clausen <lars@...afoo.de>,
Peter Meerwald-Stadler <pmeerw@...erw.net>,
linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iio: multiplexer: add NULL check on devm_kzalloc()
return value
Hi Peter,
Quoting Peter Rosin <peda@...ntia.se>:
> On 2017-07-07 00:08, Gustavo A. R. Silva wrote:
>> Check return value from call to devm_kzalloc()
>> in order to prevent a NULL pointer dereference.
>
> Right, thanks for finding that one! There's another one inside the
> for loop that is just starting in the context of this patch. Care
> to fix checking the return value of that devm_kmemdup as well?
>
Sure, I'll send a new patch shortly.
> And someone should perhaps teach Coccinelle about devm_kmemdup...
>
Good catch, I just implemented that script.
>> This issue was detected using Coccinelle and the following semantic patch:
>>
>> @@
>> expression x;
>> identifier fld;
>> @@
>>
>> * x = devm_kzalloc(...);
>> ... when != x == NULL
>> x->fld
>>
>>
>
> One of these blank lines should perhaps be a "Fixes:" tag?
>
mmm, I don't get this...
> Cheers,
> peda
>
>> Signed-off-by: Gustavo A. R. Silva <garsilva@...eddedor.com>
>> ---
>> drivers/iio/multiplexer/iio-mux.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/iio/multiplexer/iio-mux.c
>> b/drivers/iio/multiplexer/iio-mux.c
>> index 37ba007..a8d672b 100644
>> --- a/drivers/iio/multiplexer/iio-mux.c
>> +++ b/drivers/iio/multiplexer/iio-mux.c
>> @@ -285,6 +285,9 @@ static int mux_configure_channel(struct device
>> *dev, struct mux *mux,
>> child->ext_info_cache = devm_kzalloc(dev,
>> sizeof(*child->ext_info_cache) *
>> num_ext_info, GFP_KERNEL);
>> + if (!child->ext_info_cache)
>> + return -ENOMEM;
>> +
>> for (i = 0; i < num_ext_info; ++i) {
>> child->ext_info_cache[i].size = -1;
>>
>>
Thanks!
--
Gustavo A. R. Silva
Powered by blists - more mailing lists