Message ID | 1400346848-25098-1-git-send-email-rickard_strandqvist@spectrumdigital.se |
---|---|
State | Changes Requested |
Headers | show |
On Sat, May 17, 2014 at 07:14:08PM +0200, Rickard Strandqvist wrote: > There is otherwise a risk of a possible null pointer dereference. > > Was largely found by using a static code analysis program called cppcheck. > > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> > --- > drivers/i2c/busses/i2c-pxa.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c > index bbe6dfb..dbe5ebe 100644 > --- a/drivers/i2c/busses/i2c-pxa.c > +++ b/drivers/i2c/busses/i2c-pxa.c > @@ -1269,7 +1269,9 @@ eremap: > eclk: > kfree(i2c); > emalloc: > - release_mem_region(res->start, resource_size(res)); > + if(res) { > + release_mem_region(res->start, resource_size(res)); > + } > return ret; > } > This looks incorrect. request_mem_region, which I believe is a prerequisite for this function may not be called when you jump here.
On Sat, May 17, 2014 at 07:14:08PM +0200, Rickard Strandqvist wrote: > There is otherwise a risk of a possible null pointer dereference. > > Was largely found by using a static code analysis program called cppcheck. It is useful to put the output of the analyzer here. > > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> > --- > drivers/i2c/busses/i2c-pxa.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c > index bbe6dfb..dbe5ebe 100644 > --- a/drivers/i2c/busses/i2c-pxa.c > +++ b/drivers/i2c/busses/i2c-pxa.c > @@ -1269,7 +1269,9 @@ eremap: > eclk: > kfree(i2c); > emalloc: > - release_mem_region(res->start, resource_size(res)); > + if(res) { > + release_mem_region(res->start, resource_size(res)); > + } The proper fix is to move the release to the proper place, before kfree. Even better would probably be a devm_* conversion.
On Monday, June 02, 2014 5:27 AM, Wolfram Sang wrote: > On Sat, May 17, 2014 at 07:14:08PM +0200, Rickard Strandqvist wrote: > > There is otherwise a risk of a possible null pointer dereference. > > > > Was largely found by using a static code analysis program called cppcheck. > > It is useful to put the output of the analyzer here. > > > > > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> > > --- > > drivers/i2c/busses/i2c-pxa.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c > > index bbe6dfb..dbe5ebe 100644 > > --- a/drivers/i2c/busses/i2c-pxa.c > > +++ b/drivers/i2c/busses/i2c-pxa.c > > @@ -1269,7 +1269,9 @@ eremap: > > eclk: > > kfree(i2c); > > emalloc: > > - release_mem_region(res->start, resource_size(res)); > > + if(res) { > > + release_mem_region(res->start, resource_size(res)); > > + } > > The proper fix is to move the release to the proper place, before kfree. > Even better would probably be a devm_* conversion. +1 I agree with Wolfram Sang's opinion. Please call release_mem_region() prior to kfree(). One more thing, don't use braces when a single statement is used. Please refer to 'Chapter 3: Placing Braces and Spaces' of 'Documentation/CodingStyle'. Best regards, Jingoo Han -- To unsubscribe from this list: send the line "unsubscribe linux-i2c" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/i2c/busses/i2c-pxa.c b/drivers/i2c/busses/i2c-pxa.c index bbe6dfb..dbe5ebe 100644 --- a/drivers/i2c/busses/i2c-pxa.c +++ b/drivers/i2c/busses/i2c-pxa.c @@ -1269,7 +1269,9 @@ eremap: eclk: kfree(i2c); emalloc: - release_mem_region(res->start, resource_size(res)); + if(res) { + release_mem_region(res->start, resource_size(res)); + } return ret; }
There is otherwise a risk of a possible null pointer dereference. Was largely found by using a static code analysis program called cppcheck. Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se> --- drivers/i2c/busses/i2c-pxa.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)