Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751605AbcLCKku (ORCPT ); Sat, 3 Dec 2016 05:40:50 -0500 Received: from m50-135.163.com ([123.125.50.135]:38541 "EHLO m50-135.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750775AbcLCKks (ORCPT ); Sat, 3 Dec 2016 05:40:48 -0500 From: Pan Bian To: Greg Kroah-Hartman , Jiri Slaby , linux-serial@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Pan Bian Subject: [PATCH 1/1] tty: serial: set error code when kasprintf fails Date: Sat, 3 Dec 2016 18:40:25 +0800 Message-Id: <1480761625-4773-1-git-send-email-bianpan2016@163.com> X-Mailer: git-send-email 1.9.1 X-CM-TRANSID: D9GowABHX9sZoUJYIsmEIA--.33491S3 X-Coremail-Antispam: 1Uf129KBjvdXoWruw4UJr17uw1fuFW3Cr45Jrb_yoWkWrbEka ykZwnrZrW8ur4Fqw17G343ur9a9r4DZFn5GrnIqF9FkFZrGa92vFsFqwn8Xw4DW3yxZr1D W3Z3u3W3ArnrujkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IU5OeOPUUUUU== X-Originating-IP: [222.131.246.88] X-CM-SenderInfo: held01tdqsiiqw6rljoofrz/1tbiVAA1clUL+mrpjAAAs4 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1103 Lines: 33 When the call to kasprintf() returns a NULL pointer, function sci_request_irq() frees the preallocated memory and returns 0 is returned. Because 0 means no error, the caller of sci_request_irq() will keep going, and the freed memory may be used or freed again. To avoid the above issue, this patch assigns "-ENOMEM" to the return variable ret. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188691 Signed-off-by: Pan Bian --- drivers/tty/serial/sh-sci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index 4b26252..69471bf 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -1753,8 +1753,10 @@ static int sci_request_irq(struct sci_port *port) desc = sci_irq_desc + i; port->irqstr[j] = kasprintf(GFP_KERNEL, "%s:%s", dev_name(up->dev), desc->desc); - if (!port->irqstr[j]) + if (!port->irqstr[j]) { + ret = -ENOMEM; goto out_nomem; + } ret = request_irq(irq, desc->handler, up->irqflags, port->irqstr[j], port); -- 1.9.1