Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp3187993imc;
        Wed, 13 Mar 2019 11:03:10 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzz8i3xUXcdQsgbAQlnMwyIgU8kTbvfWwoWjumHJNcylbeVR1ux6AHu22XNA+pTuwNoPDeh
X-Received: by 2002:a17:902:3:: with SMTP id 3mr41629545pla.114.1552500190474;
        Wed, 13 Mar 2019 11:03:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1552500190; cv=none;
        d=google.com; s=arc-20160816;
        b=E0lussm87jYcffFDetlXuTaAIG6lGoQvC7SFTduQvLhXrNip3fzPvegD0buTciFXEp
         OswFe2kQxLn9VQcstnBn3tnz0ZGxm84zWAuNO0l2qGeI3Au3NzQLM5BfNnC0vATA/d+F
         GRjHvdd0eI7GaBhf4OQQAdaehAEcHcASQ8V7NYSStKbrLu4YjPf1E4czxGG+bVfoL+EC
         xNTS0x6xa4NVpgpXmXOM/bhokut52wQ2QWkIMMJYtISBdjHJ+09q4Cy9mKmeYwQCGWZp
         yKLDfK0d/C2oWcnuSeXMoxQtyVm0RRMiXYsO7HEYzQuqxvQpctRvJucdzhrpAZ/ln9cu
         49Sg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:in-reply-to
         :subject:cc:to:from:date;
        bh=1J3qmiQsLjC1f4J0ThjBThxmgLXEEYevT5KNyztzRf0=;
        b=KHnbYRala4zDHniY3y46vKD7XfConDjFQLNJJuBCAvD+3zY19xwL/t34kBAQiBIcpF
         /SEPjoct4DWuORAMT0bmaedGQm1lByWl6zfdw5snvro/nGqqn/jv1MVHu3WssY1UuDPZ
         LdoNRhyMvkL+uLMB362jh5dExUp6y2v5oK0Vf3y/CAEhEGVX8X7OkaDJqqW2+MPt1ish
         9NebZTK44b8Lc9sYZ+gmpZQodrZ6HYx0lWlgjY/Gp75vZOKliyoqqT+0M0zeOq7adn59
         /gW0XYXVVIh0Ouqamvf1iaAUYdFu0ep13eTWiV0rkvIDQWAY7vRQ4Z1Pzl14+fzmr3Ws
         pOhg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b125si11389860pfb.242.2019.03.13.11.02.54;
        Wed, 13 Mar 2019 11:03:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726847AbfCMSBJ (ORCPT <rfc822;michael.k.kehoe@gmail.com>
        + 99 others); Wed, 13 Mar 2019 14:01:09 -0400
Received: from iolanthe.rowland.org ([192.131.102.54]:53864 "HELO
        iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1725876AbfCMSBJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Mar 2019 14:01:09 -0400
Received: (qmail 6912 invoked by uid 2102); 13 Mar 2019 14:01:08 -0400
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 13 Mar 2019 14:01:08 -0400
Date:   Wed, 13 Mar 2019 14:01:08 -0400 (EDT)
From:   Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@iolanthe.rowland.org
To:     Aditya Pakki <pakki001@umn.edu>
cc:     kjlu@umn.edu, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        <linux-usb@vger.kernel.org>,
        <usb-storage@lists.one-eyed-alien.net>,
        <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] USB: storage: Fix potential NULL pointer derefernce
In-Reply-To: <20190313174858.23859-1-pakki001@umn.edu>
Message-ID: <Pine.LNX.4.44L0.1903131355570.1405-100000@iolanthe.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 13 Mar 2019, Aditya Pakki wrote:

> Allocating memory via kcalloc for pba_to_lba and lba_to_pba can
> fail. The fix avoids a potential NULL pointer dereference.
> 
> Signed-off-by: Aditya Pakki <pakki001@umn.edu>
> ---
>  drivers/usb/storage/alauda.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c
> index 6b8edf6178df..41d979e70784 100644
> --- a/drivers/usb/storage/alauda.c
> +++ b/drivers/usb/storage/alauda.c
> @@ -438,6 +438,11 @@ static int alauda_init_media(struct us_data *us)
>  	MEDIA_INFO(us).pba_to_lba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
>  	MEDIA_INFO(us).lba_to_pba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO);
>  
> +	if (!MEDIA_INFO(us).pba_to_lba || !MEDIA_INFO(us).lba_to_pba) {
> +		pr_warn("%s: Failed to allocate memory\n", __func__);
> +		return USB_STOR_TRANSPORT_ERROR;
> +	}
> +
>  	if (alauda_reset_media(us) != USB_STOR_XFER_GOOD)
>  		return USB_STOR_TRANSPORT_ERROR;

In fact this won't accomplish anything, because the return value from 
alauda_init_media() isn't used.  The driver appears to need more than 
a single change.

Alan Stern