ieee802154: ca8210: Add checks for kmalloc allocation failures
authorColin Ian King <colin.king@canonical.com>
Wed, 29 Mar 2017 17:05:40 +0000 (18:05 +0100)
committerMarcel Holtmann <marcel@holtmann.org>
Wed, 12 Apr 2017 20:02:39 +0000 (22:02 +0200)
Ensure we don't end up with a null pointer dereferences by checking
for for allocation failures.  Allocate by sizeof(*ptr) rather than
the type to fix checkpack warnings.  Also merge multiple lines into
one line for the kmalloc call.

Detected by CoverityScan, CID#1422435 ("Dereference null return value")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
drivers/net/ieee802154/ca8210.c

index 53fa87b..25fd3b0 100644 (file)
@@ -634,6 +634,8 @@ static int ca8210_test_int_driver_write(
                dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]);
 
        fifo_buffer = kmalloc(len, GFP_KERNEL);
+       if (!fifo_buffer)
+               return -ENOMEM;
        memcpy(fifo_buffer, buf, len);
        kfifo_in(&test->up_fifo, &fifo_buffer, 4);
        wake_up_interruptible(&priv->test.readq);
@@ -759,10 +761,10 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
                                &priv->spi->dev,
                                "Resetting MAC...\n");
 
-                       mlme_reset_wpc = kmalloc(
-                               sizeof(struct work_priv_container),
-                               GFP_KERNEL
-                       );
+                       mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc),
+                                                GFP_KERNEL);
+                       if (!mlme_reset_wpc)
+                               goto finish;
                        INIT_WORK(
                                &mlme_reset_wpc->work,
                                ca8210_mlme_reset_worker
@@ -925,10 +927,10 @@ static int ca8210_spi_transfer(
 
        dev_dbg(&spi->dev, "ca8210_spi_transfer called\n");
 
-       cas_ctl = kmalloc(
-               sizeof(struct cas_control),
-               GFP_ATOMIC
-       );
+       cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC);
+       if (!cas_ctl)
+               return -ENOMEM;
+
        cas_ctl->priv = priv;
        memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
        memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);