Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3393968imm; Tue, 4 Sep 2018 22:33:31 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZuDpOEX+wC9spMInE5oI0oe0FjUzCyPcZWJpBhFO6U1DTSWWvq4e9VeKBVnlxCP5InUnJe X-Received: by 2002:a62:c288:: with SMTP id w8-v6mr38598170pfk.92.1536125611326; Tue, 04 Sep 2018 22:33:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536125611; cv=none; d=google.com; s=arc-20160816; b=hVtRdF2CCSkxwPdzgSj2q6SEoZH6n73D5EE6QJQY8wfNqliUqHn+OZWg7mDpZKxrkb caXQob+ouEwf0IFt9mMa7fsIXZxJL++JJIOrO2WOYHuo77dLQxOtUCH1N5cjozt6LSbY g9bmBmpFGX9JlFXbQm5zkhoxLfPYHiwDsq3Hj1t/1dpRn1z5RfM+5hKWRPKtIfmaSlPQ OPCnnBFD0Dhb2TojKEviSV4J+o+vd6kI5yc9Cr0VOJrMdpAItL+N71CfzyXvI1ozwBYi 8yiupDGfcABquvbBlCCHWaxIbKD/T88ZuvfBkI3vNJbt+P9wnMVe6gz/LOnPZOn9av4n Uo+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:message-id:references :in-reply-to:subject:cc:to:from:date:content-transfer-encoding :mime-version:dkim-signature; bh=nPBdn7SskhJdkC5bpp9RkFnTg+yDGFGeFL5tNhAq3UE=; b=AeqHKGYrr7+5Gd09ahuqYoWgVxv4xwSwa3RxrCQ58AwyJUsyHQd+tA2ZokFIT26If0 z2WKIlRgjwWEtuMh3Br89P0AS/LhlHNNnLu94V4FFRQ1Quh7x2DB8BdRuZcgGZa9YwL/ Y75g8PANO8bxS/lhVLer9Wt/P4FcYIMJ4iYwFyeKDmyD10u7giI7SByriZ5gA4IqdYZG qPiUoTL1K+6+ZnYhI6BUHQ4P/EC0x0DcU9uNbVCtkEFq6rfNFvWYWvaC1XZNTDgoua31 17IlwP66/1ngnhSpRUSZYJ8e9DuGBrhbG7EpftccCzTm5zx9OOKu6AHTZ2y+E/FvUd1K bDVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@agner.ch header.s=dkim header.b="qrOr/Q0k"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t9-v6si956302pgr.244.2018.09.04.22.33.13; Tue, 04 Sep 2018 22:33:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@agner.ch header.s=dkim header.b="qrOr/Q0k"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727599AbeIEKA3 (ORCPT + 99 others); Wed, 5 Sep 2018 06:00:29 -0400 Received: from mail.kmu-office.ch ([178.209.48.109]:56546 "EHLO mail.kmu-office.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727572AbeIEKA3 (ORCPT ); Wed, 5 Sep 2018 06:00:29 -0400 Received: from webmail.kmu-office.ch (unknown [IPv6:2a02:418:6a02::a3]) by mail.kmu-office.ch (Postfix) with ESMTPSA id 8BCB85C07CF; Wed, 5 Sep 2018 07:32:00 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=agner.ch; s=dkim; t=1536125520; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nPBdn7SskhJdkC5bpp9RkFnTg+yDGFGeFL5tNhAq3UE=; b=qrOr/Q0k+AOz0JIa5LF1KLrHAxF/Lt34UUhL4MEhYW30pPSc4hW4l43z5Tycp6uiz9REy4 Fh4/OoPbUNZDVPtpAN27RJleCeYsr4/cr6VsQKX++SDmSDrML4e9RoV0zJwCgcCPdvA+r/ AHXbBOodErRaDX4mnW2HS5AnOozD7V0= MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Date: Tue, 04 Sep 2018 22:32:00 -0700 From: Stefan Agner To: "Gustavo A. R. Silva" Cc: Jiri Kosina , Benjamin Tissoires , linux-input@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] HID: core: fix NULL pointer dereference In-Reply-To: <20180829152209.GA29831@embeddedor.com> References: <20180829152209.GA29831@embeddedor.com> Message-ID: <1b6f1722c86df1cdef59c14bfd485f0b@agner.ch> X-Sender: stefan@agner.ch User-Agent: Roundcube Webmail/1.3.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 29.08.2018 08:22, Gustavo A. R. Silva wrote: > There is a NULL pointer dereference in case memory resources > for *parse* are not successfully allocated. > > Fix this by adding a new goto label and make the execution > path jump to it in case vzalloc() fails. > > Addresses-Coverity-ID: 1473081 ("Dereference after null check") > Fixes: b2dd9f2e5a8a ("HID: core: fix memory leak on probe") > Signed-off-by: Gustavo A. R. Silva Reviewed-by: Stefan Agner -- Stefan > --- > drivers/hid/hid-core.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c > index 4548dae..5bec924 100644 > --- a/drivers/hid/hid-core.c > +++ b/drivers/hid/hid-core.c > @@ -1000,7 +1000,7 @@ int hid_open_report(struct hid_device *device) > parser = vzalloc(sizeof(struct hid_parser)); > if (!parser) { > ret = -ENOMEM; > - goto err; > + goto alloc_err; > } > > parser->device = device; > @@ -1049,6 +1049,7 @@ int hid_open_report(struct hid_device *device) > hid_err(device, "item fetching failed at offset %d\n", (int)(end - start)); > err: > kfree(parser->collection_stack); > +alloc_err: > vfree(parser); > hid_close_report(device); > return ret;