This patch add a missing a check on the return value of devm_kzalloc,
which would cause a NULL pointer dereference in a OOM situation.
Signed-off-by: Kiran Padwal <[email protected]>
---
drivers/media/i2c/s5k5baf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/i2c/s5k5baf.c b/drivers/media/i2c/s5k5baf.c
index 60a74d8..156b975 100644
--- a/drivers/media/i2c/s5k5baf.c
+++ b/drivers/media/i2c/s5k5baf.c
@@ -374,6 +374,8 @@ static int s5k5baf_fw_parse(struct device *dev, struct s5k5baf_fw **fw,
count -= S5K5BAG_FW_TAG_LEN;
d = devm_kzalloc(dev, count * sizeof(u16), GFP_KERNEL);
+ if (!d)
+ return -ENOMEM;
for (i = 0; i < count; ++i)
d[i] = le16_to_cpu(data[i]);
--
1.7.9.5
Hi Kiran,
Thanks for spotting it.
On 02/05/2015 11:09 AM, Kiran Padwal wrote:
> This patch add a missing a check on the return value of devm_kzalloc,
> which would cause a NULL pointer dereference in a OOM situation.
>
> Signed-off-by: Kiran Padwal <[email protected]>
> ---
> drivers/media/i2c/s5k5baf.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/media/i2c/s5k5baf.c b/drivers/media/i2c/s5k5baf.c
> index 60a74d8..156b975 100644
> --- a/drivers/media/i2c/s5k5baf.c
> +++ b/drivers/media/i2c/s5k5baf.c
> @@ -374,6 +374,8 @@ static int s5k5baf_fw_parse(struct device *dev, struct s5k5baf_fw **fw,
> count -= S5K5BAG_FW_TAG_LEN;
>
> d = devm_kzalloc(dev, count * sizeof(u16), GFP_KERNEL);
> + if (!d)
> + return -ENOMEM;
>
> for (i = 0; i < count; ++i)
> d[i] = le16_to_cpu(data[i]);
Acked-by: Andrzej Hajda <[email protected]>
Regards
Andrzej