Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3589326pxb; Mon, 24 Jan 2022 12:58:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJwQ188ZYsCxxlT5dG3aC+HGnKPEFmontwJOQKzhfhY60Vml0stk+wytuj5d7pTk5jZ+PZsK X-Received: by 2002:a17:90b:314e:: with SMTP id ip14mr37753pjb.213.1643057894108; Mon, 24 Jan 2022 12:58:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643057894; cv=none; d=google.com; s=arc-20160816; b=RWTCtpBSG+nT1MLkyw5kP5I2Rv2BnMjJYbmKq/TENZ+paVtnmDF0tyzmKai3d2gkAR 9RHlqSNfqgnQBDr+/d6I9ZBW6RQZC15eTQreh6i3dGUBpgiFolKYJ0GkL3eMVoOIlcqE g8KPbu6WDlHF6tXUEIZun/7BK/CG00XIuBwMrVs7FsoX2mALJzjZrIN1VFrHg2l8SNa0 RI671n7HiXzDAabqsnv67JNrwNXXqvLDjB1nsVKVmV64sEtuDVQRSWy3mNE+DYACuyX8 uvdL6XiTLT9EabtGE5JJsNZqU8wVdsLsyn8SUwrWYgdEOsQ6jNISVftGA43m/4Ng0Apf Ow6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RHwIKh4bGTHZeneeOXGLpp2a6yv7wYbpZiaU+i1wImA=; b=j4gySfTcq9bItJlARZeW04or2S9AsyXx8c6YevlgHsw4QeVC5md85z4y/9N8lIe1Z8 /9X1EaMje4zzL5C9DFJBx577ZHkLeNDoA/1rRCEgqLV24b1z9be/0Yg+P/8dDa784SlB 1faQboGGAELjF/ckoo02+SayJkFO83fuDFZWrpD/zyXCxpodT/Mh7vIZE4rqCia28i0M /luPdOG3FGaT4str0Uf5IVBIdczriw+AqSeic3AEOA4HoXQHg7s41p/qqHJJyQbhn16v kDrHFwkyQXYVB+V41zi30FbkFctQb7gx7NzVe6i9EE93gyJJysEuiX5jLTmIYXM38QwG 3eNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=e0WSezQL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k189si14695580pgc.440.2022.01.24.12.57.59; Mon, 24 Jan 2022 12:58:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=e0WSezQL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350331AbiAXUVz (ORCPT + 99 others); Mon, 24 Jan 2022 15:21:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60640 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354685AbiAXUDc (ORCPT ); Mon, 24 Jan 2022 15:03:32 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88346C0680BF; Mon, 24 Jan 2022 11:29:36 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2A0706142C; Mon, 24 Jan 2022 19:29:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0EE01C340E5; Mon, 24 Jan 2022 19:29:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643052575; bh=Dv2PrsEKWm7VT9rQNz9Uu+sSGVoXUWQfD7FuoCeluW4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e0WSezQLONzQtkV68x7SZZPfDhc/AdRECO02CNiz2cmIlcpHYlv8IZIK0jyDS64v+ 7vDen61Sabe69nS3rCWQbJMFWAOPgRK+H/YfoWMuOQqGwee6LOdOPovI4oE7lX4SmU 5ghzBtnjO+iujZKgZhEmCa3xnOzGv0sdUwv8I6HU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alex Elder , Jiasheng Jiang , Sasha Levin Subject: [PATCH 5.4 105/320] staging: greybus: audio: Check null pointer Date: Mon, 24 Jan 2022 19:41:29 +0100 Message-Id: <20220124183957.297874723@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124183953.750177707@linuxfoundation.org> References: <20220124183953.750177707@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiasheng Jiang [ Upstream commit 2e81948177d769106754085c3e03534e6cc1f623 ] As the possible alloc failure of devm_kcalloc(), it could return null pointer. Therefore, 'strings' should be checked and return NULL if alloc fails to prevent the dereference of the NULL pointer. Also, the caller should also deal with the return value of the gb_generate_enum_strings() and return -ENOMEM if returns NULL. Moreover, because the memory allocated with devm_kzalloc() will be freed automatically when the last reference to the device is dropped, the 'gbe' in gbaudio_tplg_create_enum_kctl() and gbaudio_tplg_create_enum_ctl() do not need to free manually. But the 'control' in gbaudio_tplg_create_widget() and gbaudio_tplg_process_kcontrols() has a specially error handle to cleanup. So it should be better to cleanup 'control' when fails. Fixes: e65579e335da ("greybus: audio: topology: Enable enumerated control support") Reviewed-by: Alex Elder Signed-off-by: Jiasheng Jiang Link: https://lore.kernel.org/r/20220104150628.1987906-1-jiasheng@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin --- drivers/staging/greybus/audio_topology.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/staging/greybus/audio_topology.c b/drivers/staging/greybus/audio_topology.c index a8cfea957868a..3e2fbcd20598a 100644 --- a/drivers/staging/greybus/audio_topology.c +++ b/drivers/staging/greybus/audio_topology.c @@ -145,6 +145,9 @@ static const char **gb_generate_enum_strings(struct gbaudio_module_info *gb, items = le32_to_cpu(gbenum->items); strings = devm_kcalloc(gb->dev, items, sizeof(char *), GFP_KERNEL); + if (!strings) + return NULL; + data = gbenum->names; for (i = 0; i < items; i++) { @@ -662,6 +665,8 @@ static int gbaudio_tplg_create_enum_kctl(struct gbaudio_module_info *gb, /* since count=1, and reg is dummy */ gbe->max = le32_to_cpu(gb_enum->items); gbe->texts = gb_generate_enum_strings(gb, gb_enum); + if (!gbe->texts) + return -ENOMEM; /* debug enum info */ dev_dbg(gb->dev, "Max:%d, name_length:%d\n", gbe->max, @@ -871,6 +876,8 @@ static int gbaudio_tplg_create_enum_ctl(struct gbaudio_module_info *gb, /* since count=1, and reg is dummy */ gbe->max = le32_to_cpu(gb_enum->items); gbe->texts = gb_generate_enum_strings(gb, gb_enum); + if (!gbe->texts) + return -ENOMEM; /* debug enum info */ dev_dbg(gb->dev, "Max:%d, name_length:%d\n", gbe->max, @@ -1081,6 +1088,10 @@ static int gbaudio_tplg_create_widget(struct gbaudio_module_info *module, csize += le16_to_cpu(gbenum->names_length); control->texts = (const char * const *) gb_generate_enum_strings(module, gbenum); + if (!control->texts) { + ret = -ENOMEM; + goto error; + } control->items = le32_to_cpu(gbenum->items); } else { csize = sizeof(struct gb_audio_control); @@ -1190,6 +1201,10 @@ static int gbaudio_tplg_process_kcontrols(struct gbaudio_module_info *module, csize += le16_to_cpu(gbenum->names_length); control->texts = (const char * const *) gb_generate_enum_strings(module, gbenum); + if (!control->texts) { + ret = -ENOMEM; + goto error; + } control->items = le32_to_cpu(gbenum->items); } else { csize = sizeof(struct gb_audio_control); -- 2.34.1