Re: [PATCH 2/3] staging: ion: Fix possible null pointer dereference

From: Colin Cross
Date: Tue Dec 17 2013 - 02:26:08 EST


On Mon, Dec 16, 2013 at 9:07 PM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
> The kbuild test robot reported:
>
> drivers/staging/android/ion/ion_system_heap.c:122 alloc_largest_available() error: potential null dereference 'info'. (kmalloc returns null)
>
> Where the pointer returned from kmalloc goes unchecked for failure.
>
> This patch checks the return for NULL, and reworks the logic, as
> suggested by Colin, so we allocate the page_info structure first.
>
> Cc: Colin Cross <ccross@xxxxxxxxxxx>
> Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Android Kernel Team <kernel-team@xxxxxxxxxxx>
> Cc: kbuild test robot <fengguang.wu@xxxxxxxxx>
> Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx>
> Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx>
> ---
> drivers/staging/android/ion/ion_system_heap.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
> index 144b2272..7f07291 100644
> --- a/drivers/staging/android/ion/ion_system_heap.c
> +++ b/drivers/staging/android/ion/ion_system_heap.c
> @@ -108,6 +108,10 @@ static struct page_info *alloc_largest_available(struct ion_system_heap *heap,
> struct page_info *info;
> int i;
>
> + info = kmalloc(sizeof(struct page_info), GFP_KERNEL);
> + if (!info)
> + return NULL;
> +
> for (i = 0; i < num_orders; i++) {
> if (size < order_to_size(orders[i]))
> continue;
> @@ -118,11 +122,12 @@ static struct page_info *alloc_largest_available(struct ion_system_heap *heap,
> if (!page)
> continue;
>
> - info = kmalloc(sizeof(struct page_info), GFP_KERNEL);
> info->page = page;
> info->order = orders[i];
> return info;
> }
> + kfree(info);
> +
> return NULL;
> }
>

Acked-by: Colin Cross <ccross@xxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/