| Message ID | 20210704145504.24756-1-john.wood@gmx.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | bluetooth/virtio_bt: Fix dereference null return value | expand |
Hi John, > The alloc_skb function returns NULL on error. So, test this case and > avoid a NULL dereference (skb->data). > > Addresses-Coverity-ID: 1484718 ("Dereference null return value") > Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver") > Signed-off-by: John Wood <john.wood@gmx.com> > --- > drivers/bluetooth/virtio_bt.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/bluetooth/virtio_bt.c b/drivers/bluetooth/virtio_bt.c > index c804db7e90f8..5f82574236c0 100644 > --- a/drivers/bluetooth/virtio_bt.c > +++ b/drivers/bluetooth/virtio_bt.c > @@ -34,6 +34,8 @@ static int virtbt_add_inbuf(struct virtio_bluetooth *vbt) > int err; > > skb = alloc_skb(1000, GFP_KERNEL); > + if (!skb) > + return -ENOMEM; > sg_init_one(sg, skb->data, 1000); this is already fixed. Author: Colin Ian King <colin.king@canonical.com> Date: Fri Apr 9 17:53:14 2021 +0100 Bluetooth: virtio_bt: add missing null pointer check on alloc_skb call return The call to alloc_skb with the GFP_KERNEL flag can return a null sk_buff pointer, so add a null check to avoid any null pointer deference issues. Addresses-Coverity: ("Dereference null return value") Fixes: afd2daa26c7a ("Bluetooth: Add support for virtio transport driver") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Regards Marcel
On Sun, Jul 04, 2021 at 04:55:04PM +0200, John Wood wrote: > The alloc_skb function returns NULL on error. So, test this case and > avoid a NULL dereference (skb->data). > > Addresses-Coverity-ID: 1484718 ("Dereference null return value") > Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver") > Signed-off-by: John Wood <john.wood@gmx.com> > --- > drivers/bluetooth/virtio_bt.c | 2 ++ > 1 file changed, 2 insertions(+) <formletter> This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly. </formletter>
diff --git a/drivers/bluetooth/virtio_bt.c b/drivers/bluetooth/virtio_bt.c index c804db7e90f8..5f82574236c0 100644 --- a/drivers/bluetooth/virtio_bt.c +++ b/drivers/bluetooth/virtio_bt.c @@ -34,6 +34,8 @@ static int virtbt_add_inbuf(struct virtio_bluetooth *vbt) int err; skb = alloc_skb(1000, GFP_KERNEL); + if (!skb) + return -ENOMEM; sg_init_one(sg, skb->data, 1000); err = virtqueue_add_inbuf(vq, sg, 1, skb, GFP_KERNEL);
The alloc_skb function returns NULL on error. So, test this case and avoid a NULL dereference (skb->data). Addresses-Coverity-ID: 1484718 ("Dereference null return value") Fixes: afd2daa26c7ab ("Bluetooth: Add support for virtio transport driver") Signed-off-by: John Wood <john.wood@gmx.com> --- drivers/bluetooth/virtio_bt.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.25.1