Re: [PATCH] qede: fix null pointer dereference on skb on allocation failure

From: David Miller
Date: Wed Aug 01 2018 - 15:03:22 EST


From: Colin King <colin.king@xxxxxxxxxxxxx>
Date: Wed, 1 Aug 2018 17:39:47 +0100

> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> If skb fails to be allocated with the call to build_skb then a
> null pointer dereference will occur on the call to skb_reserve.
> Fix this by checking for a null skb and returning NULL.
>
> Detected by CoverityScan, CID#1469485 ("Dereference null return value")
>
> Fixes: 8a8633978b84 ("qede: Add build_skb() support.")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>

This is in no way sufficient.

The caller doesn't check the return value, so you're just pushing
the problem one function level up.

In fact, the caller is going to take a reference on the page
whether this returns NULL or not, thus leaking that memory.

The whole call chain needs to be fixed to handle build_skb()
errors, not just this one function.

Thanks.
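To make the review's point concrete, here is an added toy model in C (not code from the qede driver, the patch or this thread): an inner function that returns NULL when the skb cannot be built, beside two callers, one that takes the page reference unconditionally as the review describes and one that checks the result first. All names (`toy_build_skb`, `toy_rx_build_skb`, `caller_unchecked`, `caller_checked`, the page and skb structs) are hypothetical stand-ins, and the allocation failure is simulated with a flag.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for a page with a refcount and an skb.
 * This models the pattern under discussion, not the real qede structures. */
struct page { int refcount; };
struct sk_buff { struct page *page; };

/* Knob so the example can simulate build_skb() returning NULL. */
static int fail_build_skb = 0;

static struct sk_buff *toy_build_skb(void)
{
    if (fail_build_skb)
        return NULL;                        /* allocation failed */
    return calloc(1, sizeof(struct sk_buff));
}

static void toy_get_page(struct page *p) { p->refcount++; }
static void toy_put_page(struct page *p) { p->refcount--; }

/* Inner function as the patch leaves it: propagates NULL instead of
 * dereferencing it. Correct on its own, but the callers must cope. */
static struct sk_buff *toy_rx_build_skb(struct page *p)
{
    struct sk_buff *skb = toy_build_skb();
    if (!skb)
        return NULL;                        /* the patch's NULL check */
    skb->page = p;
    return skb;
}

/* Caller as the review describes it: the page reference is taken whether
 * or not an skb came back, so every failed build leaks one reference. */
static struct sk_buff *caller_unchecked(struct page *p)
{
    struct sk_buff *skb = toy_rx_build_skb(p);
    toy_get_page(p);                        /* taken even when skb is NULL */
    return skb;
}

/* Caller fixed along the chain: check the result and only keep the page
 * reference when an skb actually exists; the failure path returns cleanly. */
static struct sk_buff *caller_checked(struct page *p)
{
    struct sk_buff *skb = toy_rx_build_skb(p);
    if (!skb)
        return NULL;                        /* nothing taken, nothing to undo */
    toy_get_page(p);
    return skb;
}

/* Run one failing receive through a caller and report the page refcount
 * afterwards: 0 means the failure path is clean, >0 means a leaked ref. */
static int leaked_refs_after_failure(struct sk_buff *(*caller)(struct page *))
{
    struct page p = { .refcount = 0 };
    struct sk_buff *skb;

    fail_build_skb = 1;
    skb = caller(&p);
    fail_build_skb = 0;
    if (skb) {                              /* not expected on this path */
        toy_put_page(&p);
        free(skb);
    }
    return p.refcount;
}

/* Sanity check of the success path: after the skb is consumed and its page
 * reference dropped, the refcount must return to 0 for either caller. */
static int refs_after_success(struct sk_buff *(*caller)(struct page *))
{
    struct page p = { .refcount = 0 };
    struct sk_buff *skb = caller(&p);

    if (!skb)
        return -1;                          /* build should not fail here */
    toy_put_page(skb->page);
    free(skb);
    return p.refcount;
}

int main(void)
{
    /* Exit non-zero if the unchecked caller does not leak or the checked
     * caller does, so the model can be run stand-alone as a quick check. */
    if (leaked_refs_after_failure(caller_unchecked) != 1)
        return 1;
    if (leaked_refs_after_failure(caller_checked) != 0)
        return 2;
    return 0;
}
```

The point the model makes is the one in the reply: moving the NULL check into the inner function only relocates the crash unless each caller checks the result and orders its page reference after the successful build (or releases it on the failure path).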