From patchwork Tue Jul 29 15:14:17 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 4640771 X-Patchwork-Delegate: jikos@jikos.cz Return-Path: X-Original-To: patchwork-linux-input@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 99697C0338 for ; Tue, 29 Jul 2014 15:15:02 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 710C020142 for ; Tue, 29 Jul 2014 15:15:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AEBDF20158 for ; Tue, 29 Jul 2014 15:14:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753955AbaG2POv (ORCPT ); Tue, 29 Jul 2014 11:14:51 -0400 Received: from mail-we0-f169.google.com ([74.125.82.169]:46143 "EHLO mail-we0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752764AbaG2POv (ORCPT ); Tue, 29 Jul 2014 11:14:51 -0400 Received: by mail-we0-f169.google.com with SMTP id u56so9382927wes.0 for ; Tue, 29 Jul 2014 08:14:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J+kfAthHw83cgmVzyw955pjLJwK35mDfhqVZMUThKHc=; b=qt3/YrJ/jrlJL5QoQLkd0ePa40/i4rp7C1jeTLzgwPB/ItpZ/QVDMr/sUNtZnpxz4u WQ8pbPxah8qkn/xJ3ug1Z1fdj7DAuXH2ws+4C14IasEPM4Wu522BYEcU10GFfgHyFGnc xf0nc3yMeafiB6d10Rx6sihaJBJI/FVPPaacJlBmJJo8Lm61+2FY/CHoOm3cSQ5XF1l7 qOA2FgDHAS31YC0KDYaxqjrHIgAsc6WGiKFD4SiTljljV17CFv0UvqdUzchdzPq2gvEU TRUlM8kASZn5TNZQP0oAH/u1iRlRwn1uv7jVqK4smMnAn2hxJvlaGdGQtT/63xChTtPR VGyA== X-Received: by 10.180.87.199 with SMTP id ba7mr6953248wib.49.1406646889511; Tue, 29 Jul 2014 08:14:49 -0700 (PDT) Received: from david-tp.localdomain (stgt-4d0247ad.pool.mediaWays.net. [77.2.71.173]) by mx.google.com with ESMTPSA id fs3sm44361822wic.20.2014.07.29.08.14.47 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 29 Jul 2014 08:14:48 -0700 (PDT) From: David Herrmann To: linux-input@vger.kernel.org Cc: Jiri Kosina , Benjamin Tissoires , David Herrmann Subject: [PATCH 03/12] HID: uhid: avoid dangling pointers in uhid context Date: Tue, 29 Jul 2014 17:14:17 +0200 Message-Id: <1406646866-999-4-git-send-email-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.0.3 In-Reply-To: <1406646866-999-1-git-send-email-dh.herrmann@gmail.com> References: <1406646866-999-1-git-send-email-dh.herrmann@gmail.com> Sender: linux-input-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Avoid keeping uhid->rd_data and uhid->rd_size set in case uhid_dev_create2() fails. This is non-critical as we never flip uhid->running and thus never enter uhid_dev_destroy(). However, it's much nicer for debugging if pointers are only set if they point to valid data. Signed-off-by: David Herrmann --- drivers/hid/uhid.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c index c05b544..bf13746 100644 --- a/drivers/hid/uhid.c +++ b/drivers/hid/uhid.c @@ -363,20 +363,24 @@ static int uhid_dev_create2(struct uhid_device *uhid, const struct uhid_event *ev) { struct hid_device *hid; + size_t rd_size; + void *rd_data; int ret; if (uhid->running) return -EALREADY; - uhid->rd_size = ev->u.create2.rd_size; - if (uhid->rd_size <= 0 || uhid->rd_size > HID_MAX_DESCRIPTOR_SIZE) + rd_size = ev->u.create2.rd_size; + if (rd_size <= 0 || rd_size > HID_MAX_DESCRIPTOR_SIZE) return -EINVAL; - uhid->rd_data = kmemdup(ev->u.create2.rd_data, uhid->rd_size, - GFP_KERNEL); - if (!uhid->rd_data) + rd_data = kmemdup(ev->u.create2.rd_data, rd_size, GFP_KERNEL); + if (!rd_data) return -ENOMEM; + uhid->rd_size = rd_size; + uhid->rd_data = rd_data; + hid = hid_allocate_device(); if (IS_ERR(hid)) { ret = PTR_ERR(hid); @@ -416,6 +420,8 @@ err_hid: uhid->running = false; err_free: kfree(uhid->rd_data); + uhid->rd_data = NULL; + uhid->rd_size = 0; return ret; }