Message ID | 20191215190129.1587-1-pakki001@umn.edu |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Series | nfc: s3fwrn5: replace the assertion with a WARN_ON |
From: Aditya Pakki <pakki001@umn.edu> Date: Sun, 15 Dec 2019 13:01:29 -0600 > @@ -507,7 +507,8 @@ int s3fwrn5_fw_recv_frame(struct nci_dev *ndev, struct sk_buff *skb) > struct s3fwrn5_info *info = nci_get_drvdata(ndev); > struct s3fwrn5_fw_info *fw_info = &info->fw_info; > > - BUG_ON(fw_info->rsp); > + if (WARN_ON(fw_info->rsp)) > + return -EINVAL; > > fw_info->rsp = skb; This leaks "skb" and you can even see that this might be the case purely by looking at the context of the patch.
diff --git a/drivers/nfc/s3fwrn5/firmware.c b/drivers/nfc/s3fwrn5/firmware.c index be110d9cef02..cdc7d45237d2 100644 --- a/drivers/nfc/s3fwrn5/firmware.c +++ b/drivers/nfc/s3fwrn5/firmware.c @@ -507,7 +507,8 @@ int s3fwrn5_fw_recv_frame(struct nci_dev *ndev, struct sk_buff *skb) struct s3fwrn5_info *info = nci_get_drvdata(ndev); struct s3fwrn5_fw_info *fw_info = &info->fw_info; - BUG_ON(fw_info->rsp); + if (WARN_ON(fw_info->rsp)) + return -EINVAL; fw_info->rsp = skb;
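Review bot: The new early return in s3fwrn5_fw_recv_frame (`if (WARN_ON(fw_info->rsp))` followed by `return -EINVAL;`) exits before `fw_info->rsp = skb;`, so on that path the skb passed in is neither stored nor freed, which is the leak pointed out in the reply. Release the buffer before returning, for example with kfree_skb(skb), so the error path does not drop the only reference the function was given. The commit message should also state what the callers do with the new -EINVAL, since the hunk does not show it.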
In s3fwrn5_fw_recv_frame, if fw_info->rsp is not empty, the current code causes a crash via BUG_ON. However, s3fwrn5_fw_send_msg does not crash in such a scenario. The patch replaces the BUG_ON by returning the error to the callers. Signed-off-by: Aditya Pakki <pakki001@umn.edu> --- drivers/nfc/s3fwrn5/firmware.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)