Re: [PATCH] qede: fix null pointer dereference on skb on allocation failure
From: David Miller
Date: Wed Aug 01 2018 - 15:03:22 EST
From: Colin King <colin.king@xxxxxxxxxxxxx>
Date: Wed, 1 Aug 2018 17:39:47 +0100
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> If skb fails to be allocated with the call to build_skb then a
> null pointer dereference will occur on the call to skb_reserve.
> Fix this by checking for a null skb and returning NULL.
>
> Detected by CoverityScan, CID#1469485 ("Dereference null return value")
>
> Fixes: 8a8633978b84 ("qede: Add build_skb() support.")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
This is in no way sufficient.
The caller doesn't check the return value, so you're just pushing
the problem one function level up.
In fact, the caller is going to take a reference on the page
whether this returns NULL or not, thus leaking that memory.
The whole call chain needs to be fixed to handle build_skb()
errors, not just this one function.
Thanks.