Message ID | 4DC7F4AB.90607@gmail.com (mailing list archive) |
---|---|
State | New, archived |
On Mon, 9 May 2011, Vladimir Motyka wrote:

> When allocation of idata fails there was a null dereference.

Why not have a different label for the two cases? That would make the code easier to statically analyze, and perhaps be more understandable as well.

julia

> Signed-off-by: Vladimir Motyka <vladimir.motyka@gmail.com>
>
> ---
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c > index 407836d..3dec493 100644 > --- a/drivers/mmc/card/block.c > +++ b/drivers/mmc/card/block.c > @@ -266,10 +266,10 @@ static struct mmc_blk_ioc_data > *mmc_blk_ioctl_copy_from_user( > return idata; > > copy_err: > - kfree(idata->buf); > + if(idata) > + kfree(idata->buf); > kfree(idata); > return ERR_PTR(err); > - > } > > static int mmc_blk_ioctl_cmd(struct block_device *bdev,
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 407836d..3dec493 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -266,10 +266,10 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( return idata; copy_err: - kfree(idata->buf); + if(idata) + kfree(idata->buf); kfree(idata); return ERR_PTR(err); - }
When allocation of idata fails there was a null dereference.

Signed-off-by: Vladimir Motyka <vladimir.motyka@gmail.com>
---
static int mmc_blk_ioctl_cmd(struct block_device *bdev,
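Review bot: At `copy_err`, the new `if(idata)` guard makes a single label serve both the path where idata was never allocated and the paths where it was, so the cleanup code re-tests something the jump site already knows. Giving the allocation-failure path its own label placed after the two kfree() calls would remove the conditional and keep each error path straight-line, which is what the reply in this thread asks for. Two smaller points: kernel coding style wants a space after the keyword, `if (idata)`, and the deletion of the blank line before the closing `}` is an unrelated whitespace change that is better left out of a NULL-dereference fix.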