From: "Davidlohr Bueso A." <dave@gnu.org>
To: Hannes Eder <hannes@hanneseder.net>
Cc: Julia Lawall <julia@diku.dk>,
kraxel@bytesex.org, linux-scsi@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] drivers/scsi: Check NULL for kmalloc() return
Date: Fri, 07 Aug 2009 20:42:21 +0000 [thread overview]
Message-ID: <20090807204221.GA2380@fencepost.gnu.org> (raw)
In-Reply-To: <154e089b0908071333l1d19545ay2dfaee89366120a5@mail.gmail.com>
On Fri, Aug 07, 2009 at 10:33:36PM +0200, Hannes Eder wrote:
> On Fri, Aug 7, 2009 at 22:17, Davidlohr Bueso A.<dave@gnu.org> wrote:
> > On Fri, Aug 07, 2009 at 09:56:48PM +0200, Julia Lawall wrote:
> >> On Fri, 7 Aug 2009, Davidlohr Bueso A. wrote:
> >>
> >> > On Fri, Aug 07, 2009 at 08:54:44PM +0200, Julia Lawall wrote:
> >> > > On Fri, 7 Aug 2009, Davidlohr Bueso A. wrote:
> >> > >
> >> > > > Verify that ch->dt is not NULL before using it:
> >> > > > ch-dt[elem] = value;
> >> > >
> >> > > It looks like buffer should be freed as well?
> >> >
> >> > The way I see it, this is done in ch_remove()
> >>
> >> I don't see that at all. buffer appears to be a variable that is local to
> >> ch_readconfig and is passed down to other functions, but never saved
> >> anywhere. Furthermore buffer is freed in the normal exit of the function,
> >> so it seems likely that it should be freed on an early exit as well.
> >
> > Sorry, misread, for some reason I thought you were talking about freeing ch->dt, correting patch.
> >
> > Thanks,
> > Davidlohr
> >
> > Signed-off-by: Davidlohr Bueso <dave@gnu.org>
> >
> > ---
> > drivers/scsi/ch.c | 6 ++++++
> > 1 files changed, 6 insertions(+), 0 deletions(-)
> >
> > diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
> > index 7b1633a..bb42ceb 100644
> > --- a/drivers/scsi/ch.c
> > +++ b/drivers/scsi/ch.c
> > @@ -353,6 +353,12 @@ ch_readconfig(scsi_changer *ch)
> > /* look up the devices of the data transfer elements */
> > ch->dt = kmalloc(ch->counts[CHET_DT]*sizeof(struct scsi_device),
> > GFP_KERNEL);
> > +
> > + if (!ch->dt) {
> > + free(buffer);
>
> kfree(buffer) ?
Wow, unbelievable, that'll teach me!
Signed-off-by: Davidlohr Bueso <dave@gnu.org>
---
drivers/scsi/ch.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
index 7b1633a..fe11c1d 100644
--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -353,6 +353,12 @@ ch_readconfig(scsi_changer *ch)
/* look up the devices of the data transfer elements */
ch->dt = kmalloc(ch->counts[CHET_DT]*sizeof(struct scsi_device),
GFP_KERNEL);
+
+ if (!ch->dt) {
+ kfree(buffer);
+ return -ENOMEM;
+ }
+
for (elem = 0; elem < ch->counts[CHET_DT]; elem++) {
id = -1;
lun = 0;
WARNING: multiple messages have this Message-ID (diff)
From: "Davidlohr Bueso A." <dave@gnu.org>
To: Hannes Eder <hannes@hanneseder.net>
Cc: Julia Lawall <julia@diku.dk>,
kraxel@bytesex.org, linux-scsi@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] drivers/scsi: Check NULL for kmalloc() return
Date: Fri, 7 Aug 2009 16:42:21 -0400 [thread overview]
Message-ID: <20090807204221.GA2380@fencepost.gnu.org> (raw)
In-Reply-To: <154e089b0908071333l1d19545ay2dfaee89366120a5@mail.gmail.com>
On Fri, Aug 07, 2009 at 10:33:36PM +0200, Hannes Eder wrote:
> On Fri, Aug 7, 2009 at 22:17, Davidlohr Bueso A.<dave@gnu.org> wrote:
> > On Fri, Aug 07, 2009 at 09:56:48PM +0200, Julia Lawall wrote:
> >> On Fri, 7 Aug 2009, Davidlohr Bueso A. wrote:
> >>
> >> > On Fri, Aug 07, 2009 at 08:54:44PM +0200, Julia Lawall wrote:
> >> > > On Fri, 7 Aug 2009, Davidlohr Bueso A. wrote:
> >> > >
> >> > > > Verify that ch->dt is not NULL before using it:
> >> > > > ch-dt[elem] = value;
> >> > >
> >> > > It looks like buffer should be freed as well?
> >> >
> >> > The way I see it, this is done in ch_remove()
> >>
> >> I don't see that at all. buffer appears to be a variable that is local to
> >> ch_readconfig and is passed down to other functions, but never saved
> >> anywhere. Furthermore buffer is freed in the normal exit of the function,
> >> so it seems likely that it should be freed on an early exit as well.
> >
> > Sorry, misread, for some reason I thought you were talking about freeing ch->dt, correting patch.
> >
> > Thanks,
> > Davidlohr
> >
> > Signed-off-by: Davidlohr Bueso <dave@gnu.org>
> >
> > ---
> > drivers/scsi/ch.c | 6 ++++++
> > 1 files changed, 6 insertions(+), 0 deletions(-)
> >
> > diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
> > index 7b1633a..bb42ceb 100644
> > --- a/drivers/scsi/ch.c
> > +++ b/drivers/scsi/ch.c
> > @@ -353,6 +353,12 @@ ch_readconfig(scsi_changer *ch)
> > /* look up the devices of the data transfer elements */
> > ch->dt = kmalloc(ch->counts[CHET_DT]*sizeof(struct scsi_device),
> > GFP_KERNEL);
> > +
> > + if (!ch->dt) {
> > + free(buffer);
>
> kfree(buffer) ?
Wow, unbelievable, that'll teach me!
Signed-off-by: Davidlohr Bueso <dave@gnu.org>
---
drivers/scsi/ch.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c
index 7b1633a..fe11c1d 100644
--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -353,6 +353,12 @@ ch_readconfig(scsi_changer *ch)
/* look up the devices of the data transfer elements */
ch->dt = kmalloc(ch->counts[CHET_DT]*sizeof(struct scsi_device),
GFP_KERNEL);
+
+ if (!ch->dt) {
+ kfree(buffer);
+ return -ENOMEM;
+ }
+
for (elem = 0; elem < ch->counts[CHET_DT]; elem++) {
id = -1;
lun = 0;
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-08-07 20:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-07 18:39 [PATCH] drivers/scsi: Check NULL for kmalloc() return Davidlohr Bueso A.
2009-08-07 18:39 ` Davidlohr Bueso A.
2009-08-07 18:54 ` Julia Lawall
2009-08-07 18:54 ` Julia Lawall
2009-08-07 19:44 ` Davidlohr Bueso A.
2009-08-07 19:44 ` Davidlohr Bueso A.
2009-08-07 19:56 ` Julia Lawall
2009-08-07 19:56 ` Julia Lawall
2009-08-07 20:17 ` Davidlohr Bueso A.
2009-08-07 20:17 ` Davidlohr Bueso A.
2009-08-07 20:33 ` Hannes Eder
2009-08-07 20:33 ` Hannes Eder
2009-08-07 20:42 ` Davidlohr Bueso A. [this message]
2009-08-07 20:42 ` Davidlohr Bueso A.
2009-08-07 19:54 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090807204221.GA2380@fencepost.gnu.org \
--to=dave@gnu.org \
--cc=hannes@hanneseder.net \
--cc=julia@diku.dk \
--cc=kernel-janitors@vger.kernel.org \
--cc=kraxel@bytesex.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.