| Message ID | 20190313174858.23859-1-pakki001@umn.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | USB: storage: Fix potential NULL pointer derefernce | expand |
On Wed, 13 Mar 2019, Aditya Pakki wrote: > Allocating memory via kcalloc for pba_to_lba and lba_to_pba can > fail. The fix avoids a potential NULL pointer dereference. > > Signed-off-by: Aditya Pakki <pakki001@umn.edu> > --- > drivers/usb/storage/alauda.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c > index 6b8edf6178df..41d979e70784 100644 > --- a/drivers/usb/storage/alauda.c > +++ b/drivers/usb/storage/alauda.c > @@ -438,6 +438,11 @@ static int alauda_init_media(struct us_data *us) > MEDIA_INFO(us).pba_to_lba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO); > MEDIA_INFO(us).lba_to_pba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO); > > + if (!MEDIA_INFO(us).pba_to_lba || !MEDIA_INFO(us).lba_to_pba) { > + pr_warn("%s: Failed to allocate memory\n", __func__); > + return USB_STOR_TRANSPORT_ERROR; > + } > + > if (alauda_reset_media(us) != USB_STOR_XFER_GOOD) > return USB_STOR_TRANSPORT_ERROR; In fact this won't accomplish anything, because the return value from alauda_init_media() isn't used. The driver appears to need more than a single change. Alan Stern
diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c index 6b8edf6178df..41d979e70784 100644 --- a/drivers/usb/storage/alauda.c +++ b/drivers/usb/storage/alauda.c @@ -438,6 +438,11 @@ static int alauda_init_media(struct us_data *us) MEDIA_INFO(us).pba_to_lba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO); MEDIA_INFO(us).lba_to_pba = kcalloc(num_zones, sizeof(u16*), GFP_NOIO); + if (!MEDIA_INFO(us).pba_to_lba || !MEDIA_INFO(us).lba_to_pba) { + pr_warn("%s: Failed to allocate memory\n", __func__); + return USB_STOR_TRANSPORT_ERROR; + } + if (alauda_reset_media(us) != USB_STOR_XFER_GOOD) return USB_STOR_TRANSPORT_ERROR;
Allocating memory via kcalloc for pba_to_lba and lba_to_pba can fail. The fix avoids a potential NULL pointer dereference. Signed-off-by: Aditya Pakki <pakki001@umn.edu> --- drivers/usb/storage/alauda.c | 5 +++++ 1 file changed, 5 insertions(+)