| Message ID | 20240119074635.265218-1-chentao@kylinos.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | meson-mx-socinfo: Fix possible null-pointer dereference issues in meson_mx_socinfo_init | expand |
> In meson_mx_socinfo_revision, kasprintf() returns a pointer > to dynamically allocated memory which can be NULL upon failure. > > Similarly, the kstrdup_const in the meson_mx_socinfo_soc_id > returns a null pointer when it fails. Ensure the allocation was successful > by checking the pointer validity. Avoid null pointer dereference issues. Would you like to add the tag “Fixes” for the completion of the error handling in this function implementation? … > +++ b/drivers/soc/amlogic/meson-mx-socinfo.c > @@ -160,6 +160,12 @@ static int __init meson_mx_socinfo_init(void) > metal_rev); > soc_dev_attr->soc_id = meson_mx_socinfo_soc_id(major_ver, metal_rev); > > + if (!soc_dev_attr->revision || !soc_dev_attr->soc_id) { I suggest to split such a check for null pointers. > + kfree_const(soc_dev_attr->revision); > + kfree_const(soc_dev_attr->soc_id); > + kfree(soc_dev_attr); > + return -ENOMEM; > + } > soc_dev = soc_device_register(soc_dev_attr); > if (IS_ERR(soc_dev)) { > kfree_const(soc_dev_attr->revision); Please use a goto chain for better exception handling. https://wiki.sei.cmu.edu/confluence/display/c/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources Regards, Markus
diff --git a/drivers/soc/amlogic/meson-mx-socinfo.c b/drivers/soc/amlogic/meson-mx-socinfo.c index 92125dd65f33..9c0296599561 100644 --- a/drivers/soc/amlogic/meson-mx-socinfo.c +++ b/drivers/soc/amlogic/meson-mx-socinfo.c @@ -160,6 +160,12 @@ static int __init meson_mx_socinfo_init(void) metal_rev); soc_dev_attr->soc_id = meson_mx_socinfo_soc_id(major_ver, metal_rev); + if (!soc_dev_attr->revision || !soc_dev_attr->soc_id) { + kfree_const(soc_dev_attr->revision); + kfree_const(soc_dev_attr->soc_id); + kfree(soc_dev_attr); + return -ENOMEM; + } soc_dev = soc_device_register(soc_dev_attr); if (IS_ERR(soc_dev)) { kfree_const(soc_dev_attr->revision);
In meson_mx_socinfo_revision, kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Similarly, the kstrdup_const in the meson_mx_socinfo_soc_id returns a null pointer when it fails. Ensure the allocation was successful by checking the pointer validity. Avoid null pointer dereference issues. Signed-off-by: Kunwu Chan <chentao@kylinos.cn> --- drivers/soc/amlogic/meson-mx-socinfo.c | 6 ++++++ 1 file changed, 6 insertions(+)