[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2023112236-bullseye-pranker-491e@gregkh>
Date: Wed, 22 Nov 2023 12:10:34 +0000
From: Greg KH <gregkh@...uxfoundation.org>
To: Kunwu Chan <chentao@...inos.cn>
Cc: joel@....id.au, andrew@...econstruct.com.au,
andriy.shevchenko@...ux.intel.com, linux-usb@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, kunwu.chan@...mail.com,
linux-aspeed@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: aspeed: Check return value of kasprintf in
ast_vhub_alloc_epn
On Wed, Nov 22, 2023 at 09:42:12AM +0800, Kunwu Chan wrote:
> kasprintf() returns a pointer to dynamically allocated memory
> which can be NULL upon failure. Ensure the allocation was successful
> by checking the pointer validity.
>
> Signed-off-by: Kunwu Chan <chentao@...inos.cn>
> ---
> drivers/usb/gadget/udc/aspeed-vhub/epn.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/usb/gadget/udc/aspeed-vhub/epn.c b/drivers/usb/gadget/udc/aspeed-vhub/epn.c
> index 148d7ec3ebf4..e0854e878411 100644
> --- a/drivers/usb/gadget/udc/aspeed-vhub/epn.c
> +++ b/drivers/usb/gadget/udc/aspeed-vhub/epn.c
> @@ -826,6 +826,8 @@ struct ast_vhub_ep *ast_vhub_alloc_epn(struct ast_vhub_dev *d, u8 addr)
> ep->vhub = vhub;
> ep->ep.ops = &ast_vhub_epn_ops;
> ep->ep.name = kasprintf(GFP_KERNEL, "ep%d", addr);
> + if (!ep->ep.name)
> + return NULL;
This will break things if this ever triggers. How was this tested? The
"slot" for this device will still be seen as used and so the resources
never freed and then you can run out of space for real devices, right?
Looks like the other error handling in this function below this call is
also broken, can you fix that up too?
thanks,
greg k-h
Powered by blists - more mailing lists