From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1759797AbbFBR5x (ORCPT <rfc822;w@1wt.eu>);
	Tue, 2 Jun 2015 13:57:53 -0400
Received: from mail-la0-f51.google.com ([209.85.215.51]:33780 "EHLO
	mail-la0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1759432AbbFBR5p (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 2 Jun 2015 13:57:45 -0400
Message-ID: <556DEE94.3030203@cogentembedded.com>
Date: Tue, 02 Jun 2015 20:57:40 +0300
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Organization: Cogent Embedded
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
CC: Colin King <colin.king@canonical.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Felipe Balbi <balbi@ti.com>, Sudeep Holla <sudeep.holla@arm.com>,
        linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH][V2] usb: isp1760: fix null dereference if kzalloc returns
 null
References: <1433112223-4651-1-git-send-email-colin.king@canonical.com> <556C6362.1010700@cogentembedded.com> <2412438.ObMLH8QmsQ@avalon>
In-Reply-To: <2412438.ObMLH8QmsQ@avalon>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello.

On 06/02/2015 06:41 PM, Laurent Pinchart wrote:

>>> From: Colin Ian King <colin.king@canonical.com>

>>> If kzalloc returns null then isp1760_ep_alloc_request performs
>>> a null pointer dereference on req. Check for null to avoid this.

>> I told you there's no dereference and yet you're repeating it again. :-(

> How about

> "isp1760_ep_alloc_request allocates a structure with kzalloc without checking
> for NULL and then returns a pointer to one of the structure fields. As the
> field happens to be the first in the structure the caller can properly check
> for NULL, but this is risky if the structure layout is changed later. Add an
> explicit NULL check for the kzalloc return value."

    Fine with me! Thanks, Laurent. :-)

>>> a null pointer dereference on req. Check for null to avoid this.

>>> Detected with smatch static analysis:

>>> drivers/usb/isp1760/isp1760-udc.c:816 isp1760_ep_alloc_request()

>>>     error: potential null dereference 'req'.  (kzalloc returns null)

>>> Signed-off-by: Colin Ian King <colin.king@canonical.com>

WBR, Sergei