[PATCH 1/1] staging: check return value of dev_alloc_skb() against NULL
Dan Carpenter
dan.carpenter at oracle.com
Wed Oct 30 09:40:22 UTC 2013
On Mon, Oct 28, 2013 at 01:08:19PM +0800, RUC_SoftSec wrote:
> Function dev_alloc_skb() may return a NULL pointer if there is no enough memory, it should be checked against NULL before used.
> This bug is found by a static analysis tool developed by RUC_SoftSec, supported by China.X.Orion.
>
> Signed-off-by: RUC_SoftSec <rucsoftsec at gmail.com>
> ---
> drivers/staging/rtl8192u/r819xU_firmware.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/staging/rtl8192u/r819xU_firmware.c b/drivers/staging/rtl8192u/r819xU_firmware.c
> index bb924ac..045e48c 100644
> --- a/drivers/staging/rtl8192u/r819xU_firmware.c
> +++ b/drivers/staging/rtl8192u/r819xU_firmware.c
> @@ -66,6 +66,10 @@ bool fw_download_code(struct net_device *dev, u8 *code_virtual_address, u32 buff
> #else
> skb = dev_alloc_skb(frag_length + 4);
> #endif
> + if (skb == NULL) {
> + rt_status = false;
> + break;
> + }
> memcpy((unsigned char *)(skb->cb),&dev,sizeof(dev));
> tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
> tcb_desc->queue_index = TXCMD_QUEUE;
> @@ -124,6 +128,10 @@ fwSendNullPacket(
>
> //Get TCB and local buffer from common pool. (It is shared by CmdQ, MgntQ, and USB coalesce DataQ)
> skb = dev_alloc_skb(Length+ 4);
> + if (skb == NULL) {
> + rtStatus = false;
> + return rtStatus;
Just do:
if (!skb)
return false;
regards,
dan carpenter
More information about the devel
mailing list