2024-01-19 07:47:01

by Kunwu Chan

Subject: [PATCH] meson-mx-socinfo: Fix possible null-pointer dereference issues in meson_mx_socinfo_init

In meson_mx_socinfo_revision, kasprintf() returns a pointer
to dynamically allocated memory which can be NULL upon failure.

Similarly, the kstrdup_const in the meson_mx_socinfo_soc_id
returns a null pointer when it fails. Ensure the allocation was successful
by checking the pointer validity. Avoid null pointer dereference issues.

Signed-off-by: Kunwu Chan <[email protected]>
---
drivers/soc/amlogic/meson-mx-socinfo.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/drivers/soc/amlogic/meson-mx-socinfo.c b/drivers/soc/amlogic/meson-mx-socinfo.c
index 92125dd65f33..9c0296599561 100644
--- a/drivers/soc/amlogic/meson-mx-socinfo.c
+++ b/drivers/soc/amlogic/meson-mx-socinfo.c
@@ -160,6 +160,12 @@ static int __init meson_mx_socinfo_init(void)
metal_rev);
soc_dev_attr->soc_id = meson_mx_socinfo_soc_id(major_ver, metal_rev);

+ if (!soc_dev_attr->revision || !soc_dev_attr->soc_id) {
+ kfree_const(soc_dev_attr->revision);
+ kfree_const(soc_dev_attr->soc_id);
+ kfree(soc_dev_attr);
+ return -ENOMEM;
+ }
soc_dev = soc_device_register(soc_dev_attr);
if (IS_ERR(soc_dev)) {
kfree_const(soc_dev_attr->revision);
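Review bot: The added NULL branch duplicates cleanup that the IS_ERR(soc_dev) branch directly below also begins with (kfree_const(soc_dev_attr->revision)), so the function now has two copies of the same release sequence to keep in sync. Consider one error label reached from both places, with the return code held in a local variable, so the release order lives in a single spot. A blank line between the closing brace of the new block and the soc_device_register() call would also match the blank line that precedes the new check.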
--
2.39.2



2024-01-19 09:12:15

by Markus Elfring

Subject: Re: [PATCH] meson-mx-socinfo: Fix possible null-pointer dereference issues in meson_mx_socinfo_init

> In meson_mx_socinfo_revision, kasprintf() returns a pointer
> to dynamically allocated memory which can be NULL upon failure.
>
> Similarly, the kstrdup_const in the meson_mx_socinfo_soc_id
> returns a null pointer when it fails. Ensure the allocation was successful
> by checking the pointer validity. Avoid null pointer dereference issues.

Would you like to add the tag “Fixes” for the completion of the error handling
in this function implementation?



> +++ b/drivers/soc/amlogic/meson-mx-socinfo.c
> @@ -160,6 +160,12 @@ static int __init meson_mx_socinfo_init(void)
> metal_rev);
> soc_dev_attr->soc_id = meson_mx_socinfo_soc_id(major_ver, metal_rev);
>
> + if (!soc_dev_attr->revision || !soc_dev_attr->soc_id) {

I suggest to split such a check for null pointers.


> + kfree_const(soc_dev_attr->revision);
> + kfree_const(soc_dev_attr->soc_id);
> + kfree(soc_dev_attr);
> + return -ENOMEM;
> + }
> soc_dev = soc_device_register(soc_dev_attr);
> if (IS_ERR(soc_dev)) {
> kfree_const(soc_dev_attr->revision);
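Review bot: In the combined check, whichever of soc_dev_attr->revision and soc_dev_attr->soc_id failed to allocate is still passed to kfree_const() as NULL inside the branch. If that is intended, state it in the commit message. The message also mentions a null pointer dereference without naming where the pointer would be dereferenced, and adding that would make the impact of the missing check clear.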

Please use a goto chain for better exception handling.
https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources

Regards,
Markus