| Message ID | 20180926103934.GA14535@mwanda |
|---|---|
| State | Not Applicable, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | 9p: potential NULL dereference | expand |
Dan Carpenter wrote on Wed, Sep 26, 2018: > p9_tag_alloc() is supposed to return error pointers, but we accidentally > return a NULL here. It would cause a NULL dereference in the caller. > > Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Good catch, the culprit commit is only in -next so just adding this to the queue right away. Thanks!
diff --git a/net/9p/client.c b/net/9p/client.c index 47fa6158a75a..5f23e18eecc0 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -281,7 +281,7 @@ p9_tag_alloc(struct p9_client *c, int8_t type, unsigned int max_size) int tag; if (!req) - return NULL; + return ERR_PTR(-ENOMEM); if (p9_fcall_init(c, &req->tc, alloc_msize)) goto free_req;
p9_tag_alloc() is supposed to return error pointers, but we accidentally return a NULL here. It would cause a NULL dereference in the caller. Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>