From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1758579AbbEaWnd (ORCPT <rfc822;w@1wt.eu>);
	Sun, 31 May 2015 18:43:33 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:59031 "EHLO
	youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751282AbbEaWnZ (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sun, 31 May 2015 18:43:25 -0400
Message-ID: <556B8E0D.8020703@canonical.com>
Date: Sun, 31 May 2015 23:41:17 +0100
From: Colin Ian King <colin.king@canonical.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
        Felipe Balbi <balbi@ti.com>, Sudeep Holla <sudeep.holla@arm.com>,
        linux-usb@vger.kernel.org
CC: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] usb: isp1760: fix null dereference if kzalloc returns
 null
References: <1433109649-4086-1-git-send-email-colin.king@canonical.com> <556B87FC.5080908@cogentembedded.com>
In-Reply-To: <556B87FC.5080908@cogentembedded.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 31/05/15 23:15, Sergei Shtylyov wrote:
> Hello.
> 
> On 06/01/2015 01:00 AM, Colin King wrote:
> 
>> From: Colin Ian King <colin.king@canonical.com>
> 
>> If kzalloc returns null then isp1760_ep_alloc_request performs
>> a null pointer deference on req.
> 
>    Dereference, not "deference".

Shall I send v2 for this stupid typo then?

>    No, it doesn't. It calculates the address of the
> 'isp1760_request::req' instead, there's no dereference per se. I suppose
> this is a first member of the structure, so this function should work
> correctly in any case.

Well, for now it's the first member, but can we assume that will apply
forever? As it stands, other *_alloc_request() functions in all the
other usb drivers check for the NULL, so this fix just aligns the code
with all of these other drivers.


> 
>> Check for null to avoid this.
> 
>> Detected with smatch static analysis:
>>
>> drivers/usb/isp1760/isp1760-udc.c:816 isp1760_ep_alloc_request()
>>    error: potential null dereference 'req'.  (kzalloc returns null)
> 
>    Well, the change won't hurt anyway, makes things clearer.
> 
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> WBR, Sergei
>