HID: core: fix NULL pointer dereference
authorGustavo A. R. Silva <gustavo@embeddedor.com>
Wed, 29 Aug 2018 15:22:09 +0000 (10:22 -0500)
committerJiri Kosina <jkosina@suse.cz>
Wed, 5 Sep 2018 08:08:07 +0000 (10:08 +0200)
There is a NULL pointer dereference in case memory resources
for *parse* are not successfully allocated.

Fix this by adding a new goto label and make the execution
path jump to it in case vzalloc() fails.

Addresses-Coverity-ID: 1473081 ("Dereference after null check")
Fixes: b2dd9f2e5a8a ("HID: core: fix memory leak on probe")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
drivers/hid/hid-core.c

index 44a465db3f9616b5f6e7c6e60707ddb08c040bf2..44564f61e9cc3c85250e2e6d1e5ff47ed95dcd4d 100644 (file)
@@ -1000,7 +1000,7 @@ int hid_open_report(struct hid_device *device)
        parser = vzalloc(sizeof(struct hid_parser));
        if (!parser) {
                ret = -ENOMEM;
-               goto err;
+               goto alloc_err;
        }
 
        parser->device = device;
@@ -1049,6 +1049,7 @@ int hid_open_report(struct hid_device *device)
        hid_err(device, "item fetching failed at offset %d\n", (int)(end - start));
 err:
        kfree(parser->collection_stack);
+alloc_err:
        vfree(parser);
        hid_close_report(device);
        return ret;