diff options
author | Vladimir Motyka <vladimir.motyka@gmail.com> | 2011-05-11 00:00:43 -0400 |
---|---|---|
committer | Chris Ball <cjb@laptop.org> | 2011-05-24 23:53:49 -0400 |
commit | aea253ecffecd38b5ab97edd73fbe2842a7de371 (patch) | |
tree | 43ed3d608705c5a7fb5dbdbb8d75efa120f114ba | |
parent | cf2b5eea1ea0ff9b3184bc6771bcb93a9fdcd1d9 (diff) | |
download | op-kernel-dev-aea253ecffecd38b5ab97edd73fbe2842a7de371.zip op-kernel-dev-aea253ecffecd38b5ab97edd73fbe2842a7de371.tar.gz |
mmc: card: fix potential null dereference of 'idata'
When allocation of idata failed there was a null dereference. Also avoid
calling kfree where it isn't needed.
Signed-off-by: Vladimir Motyka <vladimir.motyka@gmail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
-rw-r--r-- | drivers/mmc/card/block.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 407836d..126c7f4 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -237,24 +237,24 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( idata = kzalloc(sizeof(*idata), GFP_KERNEL); if (!idata) { err = -ENOMEM; - goto copy_err; + goto out; } if (copy_from_user(&idata->ic, user, sizeof(idata->ic))) { err = -EFAULT; - goto copy_err; + goto idata_err; } idata->buf_bytes = (u64) idata->ic.blksz * idata->ic.blocks; if (idata->buf_bytes > MMC_IOC_MAX_BYTES) { err = -EOVERFLOW; - goto copy_err; + goto idata_err; } idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL); if (!idata->buf) { err = -ENOMEM; - goto copy_err; + goto idata_err; } if (copy_from_user(idata->buf, (void __user *)(unsigned long) @@ -267,9 +267,10 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( copy_err: kfree(idata->buf); +idata_err: kfree(idata); +out: return ERR_PTR(err); - } static int mmc_blk_ioctl_cmd(struct block_device *bdev, |