potential null pointer dereference in drivers/isdn/hisax/isdnl2.c

From: Jesper Juhl
Date: Thu Feb 03 2011 - 15:28:58 EST

Next message: Chuck Lever: "Re: [PATCH] Fix size argument to memset call in nfsacl_encode"
Previous message: Andrew Morton: "Re: [PATCH - resend] memblock: Don't adjust size inmemblock_find_base()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

In drivers/isdn/hisax/isdnl2.c:l2_pull_iqueue() we have this:

...
skb = alloc_skb(oskb->len + i, GFP_ATOMIC);
memcpy(skb_put(skb, i), header, i);
...

If alloc_skb() fails and returns NULL then the second line will cause a
NULL pointer dereference - skb_put() gives the pointer to
skb_tail_pointer() which dereferences it.

I'm not quite sure how this should be dealt with, so I'll just report it
rather than submit a patch. Happy bug fixing :-)

--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chuck Lever: "Re: [PATCH] Fix size argument to memset call in nfsacl_encode"
Previous message: Andrew Morton: "Re: [PATCH - resend] memblock: Don't adjust size inmemblock_find_base()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]