public inbox for linux-kernel@vger.kernel.org
* [PATCH] usb: isp1760: fix null dereference if kzalloc returns null
@ 2015-05-31 22:00 Colin King
  2015-05-31 22:15 ` Sergei Shtylyov
  0 siblings, 1 reply; 4+ messages in thread
From: Colin King @ 2015-05-31 22:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Laurent Pinchart, Felipe Balbi, Sudeep Holla,
	linux-usb
  Cc: linux-kernel

From: Colin Ian King <colin.king@canonical.com>

If kzalloc returns null then isp1760_ep_alloc_request performs
a null pointer deference on req. Check for null to avoid this.

Detected with smatch static analysis:

drivers/usb/isp1760/isp1760-udc.c:816 isp1760_ep_alloc_request()
  error: potential null dereference 'req'.  (kzalloc returns null)

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/usb/isp1760/isp1760-udc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/isp1760/isp1760-udc.c b/drivers/usb/isp1760/isp1760-udc.c
index 3fc4fe7..18ebf5b 100644
--- a/drivers/usb/isp1760/isp1760-udc.c
+++ b/drivers/usb/isp1760/isp1760-udc.c
@@ -812,6 +812,8 @@ static struct usb_request *isp1760_ep_alloc_request(struct usb_ep *ep,
 	struct isp1760_request *req;
 
 	req = kzalloc(sizeof(*req), gfp_flags);
+	if (!req)
+		return NULL;
 
 	return &req->req;
 }
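Review bot: the added `if (!req) return NULL;` is the right guard, but the changelog's "null pointer dereference" does not match what the unchanged `return &req->req;` line does: that expression only computes a member address and never reads through `req`. Whether the unpatched function already returned NULL on allocation failure depends on `req` sitting at offset 0 of `struct isp1760_request`, which is not visible in this hunk. Suggest rewording the commit message to say the check stops the return value from depending on the member's offset, and fixing the "deference" typo in the same respin.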
-- 
2.1.4



* Re: [PATCH] usb: isp1760: fix null dereference if kzalloc returns null
  2015-05-31 22:00 [PATCH] usb: isp1760: fix null dereference if kzalloc returns null Colin King
@ 2015-05-31 22:15 ` Sergei Shtylyov
  2015-05-31 22:41   ` Colin Ian King
  0 siblings, 1 reply; 4+ messages in thread
From: Sergei Shtylyov @ 2015-05-31 22:15 UTC (permalink / raw)
  To: Colin King, Greg Kroah-Hartman, Laurent Pinchart, Felipe Balbi,
	Sudeep Holla, linux-usb
  Cc: linux-kernel

Hello.

On 06/01/2015 01:00 AM, Colin King wrote:

> From: Colin Ian King <colin.king@canonical.com>

> If kzalloc returns null then isp1760_ep_alloc_request performs
> a null pointer deference on req.

    Dereference, not "deference".
    No, it doesn't. It calculates the address of the 'isp1760_request::req' 
instead, there's no dereference per se. I suppose this is a first member of 
the structure, so this function should work correctly in any case.

> Check for null to avoid this.

> Detected with smatch static analysis:
>
> drivers/usb/isp1760/isp1760-udc.c:816 isp1760_ep_alloc_request()
>    error: potential null dereference 'req'.  (kzalloc returns null)

    Well, the change won't hurt anyway, makes things clearer.

> Signed-off-by: Colin Ian King <colin.king@canonical.com>

WBR, Sergei



* Re: [PATCH] usb: isp1760: fix null dereference if kzalloc returns null
  2015-05-31 22:15 ` Sergei Shtylyov
@ 2015-05-31 22:41   ` Colin Ian King
  2015-06-01 11:09     ` Sergei Shtylyov
  0 siblings, 1 reply; 4+ messages in thread
From: Colin Ian King @ 2015-05-31 22:41 UTC (permalink / raw)
  To: Sergei Shtylyov, Greg Kroah-Hartman, Laurent Pinchart,
	Felipe Balbi, Sudeep Holla, linux-usb
  Cc: linux-kernel

On 31/05/15 23:15, Sergei Shtylyov wrote:
> Hello.
> 
> On 06/01/2015 01:00 AM, Colin King wrote:
> 
>> From: Colin Ian King <colin.king@canonical.com>
> 
>> If kzalloc returns null then isp1760_ep_alloc_request performs
>> a null pointer deference on req.
> 
>    Dereference, not "deference".

Shall I send v2 for this stupid typo then?

>    No, it doesn't. It calculates the address of the
> 'isp1760_request::req' instead, there's no dereference per se. I suppose
> this is a first member of the structure, so this function should work
> correctly in any case.

Well, for now it's the first member, but can we assume that will apply
forever? As it stands, other *_alloc_request() functions in all the
other usb drivers check for the NULL, so this fix just aligns the code
with all of these other drivers.


> 
>> Check for null to avoid this.
> 
>> Detected with smatch static analysis:
>>
>> drivers/usb/isp1760/isp1760-udc.c:816 isp1760_ep_alloc_request()
>>    error: potential null dereference 'req'.  (kzalloc returns null)
> 
>    Well, the change won't hurt anyway, makes things clearer.
> 
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> WBR, Sergei
> 



* Re: [PATCH] usb: isp1760: fix null dereference if kzalloc returns null
  2015-05-31 22:41   ` Colin Ian King
@ 2015-06-01 11:09     ` Sergei Shtylyov
  0 siblings, 0 replies; 4+ messages in thread
From: Sergei Shtylyov @ 2015-06-01 11:09 UTC (permalink / raw)
  To: Colin Ian King, Greg Kroah-Hartman, Laurent Pinchart,
	Felipe Balbi, Sudeep Holla, linux-usb
  Cc: linux-kernel

Hello.

On 6/1/2015 1:41 AM, Colin Ian King wrote:

>>> From: Colin Ian King <colin.king@canonical.com>

>>> If kzalloc returns null then isp1760_ep_alloc_request performs
>>> a null pointer deference on req.

>>     Dereference, not "deference".

> Shall I send v2 for this stupid typo then?

    Definitely, especially as your change log doesn't adequately reflect 
reality anyway.

>>     No, it doesn't. It calculates the address of the
>> 'isp1760_request::req' instead, there's no dereference per se. I suppose
>> this is a first member of the structure, so this function should work
>> correctly in any case.

> Well, for now it's the first member, but can we assume that will apply
> forever?

    I guess so.

> As it stands, other *_alloc_request() functions in all the
> other usb drivers check for the NULL, so this fix just aligns the code
> with all of these other drivers.

    OK.

[...]

WBR, Sergei
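
The layout question debated in this thread, as an added user-space example that is not part of the thread or of the kernel source: it models what `&req->req` evaluates to when the allocation failed, once with the embedded request as first member and once after a member is placed ahead of it. The struct names, `member_addr()` and the other helpers are assumptions made for the illustration; the address is computed with integer arithmetic so the demo itself has no undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for struct usb_request, not the kernel definition. */
struct usb_request_model { void *buf; unsigned int length; };

/* Layout the thread supposes: the embedded request is the first member. */
struct req_first { struct usb_request_model req; void *ep; };

/* Hypothetical later layout: a member was inserted ahead of req. */
struct req_moved { void *ep; struct usb_request_model req; };

/* Compile-time guard a driver could use if it chose to rely on offset 0
 * (the kernel's equivalent is BUILD_BUG_ON). */
_Static_assert(offsetof(struct req_first, req) == 0, "req must be first");

/* Address that "&base->req" yields for a base address and member offset. */
static uintptr_t member_addr(uintptr_t base, size_t offset)
{
	return base + offset;
}

/* Result of the caller's "if (!req)" test when the allocator returned NULL
 * (base == 0) and the alloc function has no NULL check of its own. */
static int caller_sees_null(size_t offset)
{
	return member_addr(0, offset) == 0;
}

static int first_layout_is_null(void)
{
	return caller_sees_null(offsetof(struct req_first, req));
}

static int moved_layout_is_null(void)
{
	return caller_sees_null(offsetof(struct req_moved, req));
}

int main(void)
{
	printf("req first: caller sees NULL = %d\n", first_layout_is_null());
	printf("req moved: caller sees NULL = %d (bogus address %#lx)\n",
	       moved_layout_is_null(),
	       (unsigned long)member_addr(0, offsetof(struct req_moved, req)));
	return 0;
}
```

With the moved layout the caller receives a small non-NULL address, so its own NULL test passes and the failure surfaces later; the explicit check in the patch removes that dependency on member order.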

