2014-04-07 06:30:58

by Dan Carpenter

[permalink] [raw]
Subject: [patch] clk: st: NULL dereference on error in st_of_clkgen_vcc_setup()

There are two allocations where, if they fail, then we end up
dereferencing the NULL pointer in the error handling code.

Fixes: 94885faf9dbc ('clk: st: Support for DIVMUX and PreDiv Clocks')
Signed-off-by: Dan Carpenter <[email protected]>

diff --git a/drivers/clk/st/clkgen-mux.c b/drivers/clk/st/clkgen-mux.c
index a329906..10899bc 100644
--- a/drivers/clk/st/clkgen-mux.c
+++ b/drivers/clk/st/clkgen-mux.c
@@ -714,14 +714,14 @@ void __init st_of_clkgen_vcc_setup(struct device_node *np)

clk_data = kzalloc(sizeof(*clk_data), GFP_KERNEL);
if (!clk_data)
- goto err;
+ goto err_free_parents;

clk_data->clk_num = VCC_MAX_CHANNELS;
clk_data->clks = kzalloc(clk_data->clk_num * sizeof(struct clk *),
GFP_KERNEL);

if (!clk_data->clks)
- goto err;
+ goto err_free_data;

for (i = 0; i < clk_data->clk_num; i++) {
struct clk *clk;
@@ -811,10 +811,11 @@ err:
kfree(container_of(composite->mux_hw, struct clk_mux, hw));
}

- if (clk_data)
- kfree(clk_data->clks);
+ kfree(clk_data->clks);

+err_free_data:
kfree(clk_data);
+err_free_parents:
kfree(parents);
}
CLK_OF_DECLARE(clkgen_vcc, "st,clkgen-vcc", st_of_clkgen_vcc_setup);


2014-04-07 13:06:29

by Gabriel FERNANDEZ

[permalink] [raw]
Subject: Re: [patch] clk: st: NULL dereference on error in st_of_clkgen_vcc_setup()

Thanks Dan,
i m agree with patch.

Best Regards.

Gabriel

On 04/07/2014 08:30 AM, Dan Carpenter wrote:
> There are two allocations where, if they fail, then we end up
> dereferencing the NULL pointer in the error handling code.
>
> Fixes: 94885faf9dbc ('clk: st: Support for DIVMUX and PreDiv Clocks')
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/clk/st/clkgen-mux.c b/drivers/clk/st/clkgen-mux.c
> index a329906..10899bc 100644
> --- a/drivers/clk/st/clkgen-mux.c
> +++ b/drivers/clk/st/clkgen-mux.c
> @@ -714,14 +714,14 @@ void __init st_of_clkgen_vcc_setup(struct device_node *np)
>
> clk_data = kzalloc(sizeof(*clk_data), GFP_KERNEL);
> if (!clk_data)
> - goto err;
> + goto err_free_parents;
>
> clk_data->clk_num = VCC_MAX_CHANNELS;
> clk_data->clks = kzalloc(clk_data->clk_num * sizeof(struct clk *),
> GFP_KERNEL);
>
> if (!clk_data->clks)
> - goto err;
> + goto err_free_data;
>
> for (i = 0; i < clk_data->clk_num; i++) {
> struct clk *clk;
> @@ -811,10 +811,11 @@ err:
> kfree(container_of(composite->mux_hw, struct clk_mux, hw));
> }
>
> - if (clk_data)
> - kfree(clk_data->clks);
> + kfree(clk_data->clks);
>
> +err_free_data:
> kfree(clk_data);
> +err_free_parents:
> kfree(parents);
> }
> CLK_OF_DECLARE(clkgen_vcc, "st,clkgen-vcc", st_of_clkgen_vcc_setup);