In case devm_kzalloc fails, the patch returns -ENOMEM to avoid
potential NULL pointer dereference.
Signed-off-by: Kangjie Lu <[email protected]>
---
sound/soc/codecs/rt5663.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
index da6647015708..909ab99a1995 100644
--- a/sound/soc/codecs/rt5663.c
+++ b/sound/soc/codecs/rt5663.c
@@ -3480,6 +3480,8 @@ static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
table_size = sizeof(struct impedance_mapping_table) *
rt5663->pdata.impedance_sensing_num;
rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
+ if (!rt5663->imp_table)
+ return -ENOMEM;
device_property_read_u32_array(dev,
"realtek,impedance_sensing_table",
(u32 *)rt5663->imp_table, table_size);
--
2.17.1
On 3/25/2019 4:42 AM, Kangjie Lu wrote:
> In case devm_kzalloc fails, the patch returns -ENOMEM to avoid
> potential NULL pointer dereference.
>
> Signed-off-by: Kangjie Lu <[email protected]>
> ---
> sound/soc/codecs/rt5663.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
> index da6647015708..909ab99a1995 100644
> --- a/sound/soc/codecs/rt5663.c
> +++ b/sound/soc/codecs/rt5663.c
> @@ -3480,6 +3480,8 @@ static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
> table_size = sizeof(struct impedance_mapping_table) *
> rt5663->pdata.impedance_sensing_num;
> rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
> + if (!rt5663->imp_table)
> + return -ENOMEM;
add checks in rt5663_parse_dp as well.
Thanks.
Mukesh
> device_property_read_u32_array(dev,
> "realtek,impedance_sensing_table",
> (u32 *)rt5663->imp_table, table_size);
Hi Kangjje/Aditya,
Please do take care of the return value you are sending upstream whether
still is checked or not
otherwise NULL pointer dereference will still come.
Also resource release properly otherwise your patch may looks simple but
it can introduce memory leak as well in other path.
Thanks,
Mukesh
On 3/25/2019 12:15 PM, Mukesh Ojha wrote:
>
> On 3/25/2019 4:42 AM, Kangjie Lu wrote:
>> In case devm_kzalloc fails, the patch returns -ENOMEM to avoid
>> potential NULL pointer dereference.
>>
>> Signed-off-by: Kangjie Lu <[email protected]>
>> ---
>> sound/soc/codecs/rt5663.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
>> index da6647015708..909ab99a1995 100644
>> --- a/sound/soc/codecs/rt5663.c
>> +++ b/sound/soc/codecs/rt5663.c
>> @@ -3480,6 +3480,8 @@ static int rt5663_parse_dp(struct rt5663_priv
>> *rt5663, struct device *dev)
>> table_size = sizeof(struct impedance_mapping_table) *
>> rt5663->pdata.impedance_sensing_num;
>> rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
>> + if (!rt5663->imp_table)
>> + return -ENOMEM;
>
> add checks in rt5663_parse_dp as well.
>
> Thanks.
> Mukesh
>
>
>> device_property_read_u32_array(dev,
>> "realtek,impedance_sensing_table",
>> (u32 *)rt5663->imp_table, table_size);
In case devm_kzalloc fails, the patch returns -ENOMEM to avoid
potential NULL pointer dereference.
Also add a check for rt5663_parse_dp to pass the error code
upstream
Signed-off-by: Kangjie Lu <[email protected]>
Reviewed-by: Mukesh Ojha <[email protected]>
---
v2: pass error code upstream in the caller as suggested by
Mukesh Ojha <[email protected]>
---
sound/soc/codecs/rt5663.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
index da6647015708..ab03ba499ad2 100644
--- a/sound/soc/codecs/rt5663.c
+++ b/sound/soc/codecs/rt5663.c
@@ -3480,6 +3480,8 @@ static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
table_size = sizeof(struct impedance_mapping_table) *
rt5663->pdata.impedance_sensing_num;
rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
+ if (!rt5663->imp_table)
+ return -ENOMEM;
device_property_read_u32_array(dev,
"realtek,impedance_sensing_table",
(u32 *)rt5663->imp_table, table_size);
@@ -3507,8 +3509,11 @@ static int rt5663_i2c_probe(struct i2c_client *i2c,
if (pdata)
rt5663->pdata = *pdata;
- else
- rt5663_parse_dp(rt5663, &i2c->dev);
+ else {
+ ret = rt5663_parse_dp(rt5663, &i2c->dev);
+ if (ret)
+ return ret;
+ }
for (i = 0; i < ARRAY_SIZE(rt5663->supplies); i++)
rt5663->supplies[i].supply = rt5663_supply_names[i];
--
2.17.1