author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-06-19 19:01:01 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-06-19 20:30:31 -0700 |
commit | e42d50baf43120a78985f13f6e9c8f92fae091c2 (patch) | |
tree | e9f91f6a06afe1696be14092344cdececfe82e99 /drivers/fmc | |
parent | e3a3c3a205554e564751cd9c0276b2af813d7a92 (diff) | |
FMC: NULL dereference on allocation failure
If we don't allocate "arr" then the cleanup path will dereference it and
oops.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/fmc')
-rw-r--r-- | drivers/fmc/fmc-sdb.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/drivers/fmc/fmc-sdb.c b/drivers/fmc/fmc-sdb.c
index 74fb326..79adc39 100644
--- a/drivers/fmc/fmc-sdb.c
+++ b/drivers/fmc/fmc-sdb.c
@@ -46,16 +46,17 @@ static struct sdb_array *__fmc_scan_sdb_tree(struct fmc_device *fmc,
 onew = __sdb_rd(fmc, sdb_addr + 4, convert);
 n = __be16_to_cpu(*(uint16_t *)&onew);
 arr = kzalloc(sizeof(*arr), GFP_KERNEL);
- if (arr) {
- arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL);
- arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL);
- }
- if (!arr || !arr->record || !arr->subtree) {
+ if (!arr)
+ return ERR_PTR(-ENOMEM);
+ arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL);
+ arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL);
+ if (!arr->record || !arr->subtree) {
 kfree(arr->record);
 kfree(arr->subtree);
 kfree(arr);
 return ERR_PTR(-ENOMEM);
 }
+
 arr->len = n;
 arr->level = level;
 arr->fmc = fmc; |
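Review bot: The two array allocations on the new side still open-code their size as `sizeof(arr->record[0]) * n` and `sizeof(arr->subtree[0]) * n`, where `n` is taken from a word read off the device through `__sdb_rd()`. Because `n` is converted from a 16-bit field an overflow looks unlikely, but its declared type is outside the hunk, and `kcalloc(n, sizeof(arr->record[0]), GFP_KERNEL)` and `kcalloc(n, sizeof(arr->subtree[0]), GFP_KERNEL)` would make the overflow check explicit while keeping the zeroing. A device-reported count of zero also passes the `!arr->record || !arr->subtree` test, presumably because a zero-size kzalloc does not return NULL, so the rest of `__fmc_scan_sdb_tree()` (which starts and ends outside this hunk) should be checked to confirm it never indexes either array without consulting `arr->len`.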