Commit e42d50ba authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman

FMC: NULL dereference on allocation failure

If we don't allocate "arr" then the cleanup path will dereference it and
oops.
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarAlessandro Rubini <rubini@gnudd.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e3a3c3a2
...@@ -46,16 +46,17 @@ static struct sdb_array *__fmc_scan_sdb_tree(struct fmc_device *fmc, ...@@ -46,16 +46,17 @@ static struct sdb_array *__fmc_scan_sdb_tree(struct fmc_device *fmc,
onew = __sdb_rd(fmc, sdb_addr + 4, convert); onew = __sdb_rd(fmc, sdb_addr + 4, convert);
n = __be16_to_cpu(*(uint16_t *)&onew); n = __be16_to_cpu(*(uint16_t *)&onew);
arr = kzalloc(sizeof(*arr), GFP_KERNEL); arr = kzalloc(sizeof(*arr), GFP_KERNEL);
if (arr) { if (!arr)
arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL); return ERR_PTR(-ENOMEM);
arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL); arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL);
} arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL);
if (!arr || !arr->record || !arr->subtree) { if (!arr->record || !arr->subtree) {
kfree(arr->record); kfree(arr->record);
kfree(arr->subtree); kfree(arr->subtree);
kfree(arr); kfree(arr);
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
} }
arr->len = n; arr->len = n;
arr->level = level; arr->level = level;
arr->fmc = fmc; arr->fmc = fmc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment