FMC: fix error handling in probe() function
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 20 Jun 2013 08:10:18 +0000 (11:10 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 24 Jun 2013 23:23:25 +0000 (16:23 -0700)
The call to kzalloc() wasn't checked.
The dev_info() message dereferenced freed memory on error.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/fmc/fmc-chardev.c

index b0710393ede6a4141367a591f9c0bb8081666533..cc031db2d2a3c95c55434e4cc953a25efb745991 100644 (file)
@@ -136,6 +136,8 @@ static int fc_probe(struct fmc_device *fmc)
 
        /* Create a char device: we want to create it anew */
        fc = kzalloc(sizeof(*fc), GFP_KERNEL);
+       if (!fc)
+               return -ENOMEM;
        fc->fmc = fmc;
        fc->misc.minor = MISC_DYNAMIC_MINOR;
        fc->misc.fops = &fc_fops;
@@ -143,15 +145,18 @@ static int fc_probe(struct fmc_device *fmc)
 
        spin_lock(&fc_lock);
        ret = misc_register(&fc->misc);
-       if (ret < 0) {
-               kfree(fc->misc.name);
-               kfree(fc);
-       } else {
-               list_add(&fc->list, &fc_devices);
-       }
+       if (ret < 0)
+               goto err_unlock;
+       list_add(&fc->list, &fc_devices);
        spin_unlock(&fc_lock);
        dev_info(&fc->fmc->dev, "Created misc device \"%s\"\n",
                 fc->misc.name);
+       return 0;
+
+err_unlock:
+       spin_unlock(&fc_lock);
+       kfree(fc->misc.name);
+       kfree(fc);
        return ret;
 }