[PATCH] knav_qmss_queue: fix a missing-check bug in knav_pool_create()

From: Gen Zhang
Date: Wed May 29 2019 - 23:43:54 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 054/276] net: ena: gcc 8: fix compilation warning"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 091/128] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In knav_pool_create(), 'pool->name' is allocated by kstrndup(). It
returns NULL when fails. So 'pool->name' should be checked. And free
'pool' when error.

Signed-off-by: Gen Zhang <blackgod016574@xxxxxxxxx>
---
diff --git a/drivers/soc/ti/knav_qmss_queue.c b/drivers/soc/ti/knav_qmss_queue.c
index 8b41837..0f8cb28 100644
--- a/drivers/soc/ti/knav_qmss_queue.c
+++ b/drivers/soc/ti/knav_qmss_queue.c
@@ -814,6 +814,12 @@ void *knav_pool_create(const char *name,
}

pool->name = kstrndup(name, KNAV_NAME_SIZE - 1, GFP_KERNEL);
+ if (!pool->name) {
+ dev_err(kdev->dev, "failed to duplicate for pool(%s)\n",
+ name);
+ ret = -ENOMEM;
+ goto err_name;
+ }
pool->kdev = kdev;
pool->dev = kdev->dev;

@@ -864,6 +870,7 @@ void *knav_pool_create(const char *name,
mutex_unlock(&knav_dev_lock);
err:
kfree(pool->name);
+err_name:
devm_kfree(kdev->dev, pool);
return ERR_PTR(ret);
}

Next message: Greg Kroah-Hartman: "[PATCH 4.19 054/276] net: ena: gcc 8: fix compilation warning"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 091/128] iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]