2021-07-04 15:02:24

by John Wood

Subject: [PATCH] bluetooth/virtio_bt: Fix dereference null return value

The alloc_skb function returns NULL on error. So, test this case and
avoid a NULL dereference (skb->data).

Addresses-Coverity-ID: 1484718 ("Dereference null return value")
Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver")
Signed-off-by: John Wood <[email protected]>
---
drivers/bluetooth/virtio_bt.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/bluetooth/virtio_bt.c b/drivers/bluetooth/virtio_bt.c
index c804db7e90f8..5f82574236c0 100644
--- a/drivers/bluetooth/virtio_bt.c
+++ b/drivers/bluetooth/virtio_bt.c
@@ -34,6 +34,8 @@ static int virtbt_add_inbuf(struct virtio_bluetooth *vbt)
int err;

skb = alloc_skb(1000, GFP_KERNEL);
+ if (!skb)
+ return -ENOMEM;
sg_init_one(sg, skb->data, 1000);

err = virtqueue_add_inbuf(vq, sg, 1, skb, GFP_KERNEL);
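
Review bot: The new "return -ENOMEM" path in virtbt_add_inbuf() only helps if callers act on it; they are not shown in this hunk, so confirm that each caller checks the return value instead of assuming an inbuf was queued. The placement of the check is right: it sits between alloc_skb() and the first use of skb->data in sg_init_one(), and nothing else has been allocated at that point, so the early return needs no cleanup.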
--
2.25.1


2021-07-04 17:34:46

by Marcel Holtmann

Subject: Re: [PATCH] bluetooth/virtio_bt: Fix dereference null return value

Hi John,

> The alloc_skb function returns NULL on error. So, test this case and
> avoid a NULL dereference (skb->data).
>
> Addresses-Coverity-ID: 1484718 ("Dereference null return value")
> Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver")
> Signed-off-by: John Wood <[email protected]>
> ---
> drivers/bluetooth/virtio_bt.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/bluetooth/virtio_bt.c b/drivers/bluetooth/virtio_bt.c
> index c804db7e90f8..5f82574236c0 100644
> --- a/drivers/bluetooth/virtio_bt.c
> +++ b/drivers/bluetooth/virtio_bt.c
> @@ -34,6 +34,8 @@ static int virtbt_add_inbuf(struct virtio_bluetooth *vbt)
> int err;
>
> skb = alloc_skb(1000, GFP_KERNEL);
> + if (!skb)
> + return -ENOMEM;
> sg_init_one(sg, skb->data, 1000);
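
Review bot: The buffer length 1000 is written out twice in the context lines around the new check, once in "alloc_skb(1000, GFP_KERNEL)" and once in "sg_init_one(sg, skb->data, 1000)", and the two must stay equal for the scatterlist to describe exactly the allocated buffer. A named constant used in both calls would remove that coupling; it is a style follow-up and does not need to be part of the NULL check itself.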

this is already fixed.

Author: Colin Ian King <[email protected]>
Date: Fri Apr 9 17:53:14 2021 +0100

Bluetooth: virtio_bt: add missing null pointer check on alloc_skb call return

The call to alloc_skb with the GFP_KERNEL flag can return a null sk_buff
pointer, so add a null check to avoid any null pointer dereference issues.

Addresses-Coverity: ("Dereference null return value")
Fixes: afd2daa26c7a ("Bluetooth: Add support for virtio transport driver")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>

Regards

Marcel

2021-07-04 19:04:45

by Greg Kroah-Hartman

Subject: Re: [PATCH] bluetooth/virtio_bt: Fix dereference null return value

On Sun, Jul 04, 2021 at 04:55:04PM +0200, John Wood wrote:
> The alloc_skb function returns NULL on error. So, test this case and
> avoid a NULL dereference (skb->data).
>
> Addresses-Coverity-ID: 1484718 ("Dereference null return value")
> Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver")
> Signed-off-by: John Wood <[email protected]>
> ---
> drivers/bluetooth/virtio_bt.c | 2 ++
> 1 file changed, 2 insertions(+)


<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>