diff options
author | Anton Vasilyev <vasilyev@ispras.ru> | 2017-08-11 15:57:22 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-08-12 00:56:23 +0300 |
commit | 54a6a043fb8580d5a741774669ef6049f402f228 (patch) | |
tree | 9632f50edc83f47ea18ef6011af1cafec141dc8b /drivers/isdn/mISDN/fsm.c | |
parent | bb3afda4fc4ea690ff92a36eef4c0afe4d19da04 (diff) | |
download | linux-54a6a043fb8580d5a741774669ef6049f402f228.tar.xz |
mISDN: Fix null pointer dereference at mISDN_FsmNew
If mISDN_FsmNew() fails to allocate memory for jumpmatrix
then null pointer dereference will occur on any write to
jumpmatrix.
The patch adds check on successful allocation and
corresponding error handling.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/isdn/mISDN/fsm.c')
-rw-r--r-- | drivers/isdn/mISDN/fsm.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/isdn/mISDN/fsm.c b/drivers/isdn/mISDN/fsm.c index 78fc5d5e9051..92e6570b1143 100644 --- a/drivers/isdn/mISDN/fsm.c +++ b/drivers/isdn/mISDN/fsm.c @@ -26,7 +26,7 @@ #define FSM_TIMER_DEBUG 0 -void +int mISDN_FsmNew(struct Fsm *fsm, struct FsmNode *fnlist, int fncount) { @@ -34,6 +34,8 @@ mISDN_FsmNew(struct Fsm *fsm, fsm->jumpmatrix = kzalloc(sizeof(FSMFNPTR) * fsm->state_count * fsm->event_count, GFP_KERNEL); + if (fsm->jumpmatrix == NULL) + return -ENOMEM; for (i = 0; i < fncount; i++) if ((fnlist[i].state >= fsm->state_count) || @@ -45,6 +47,7 @@ mISDN_FsmNew(struct Fsm *fsm, } else fsm->jumpmatrix[fsm->state_count * fnlist[i].event + fnlist[i].state] = (FSMFNPTR) fnlist[i].routine; + return 0; } EXPORT_SYMBOL(mISDN_FsmNew); |