9p: potential NULL dereference
diff mbox series

Message ID 20180926103934.GA14535@mwanda
State Not Applicable, archived
Delegated to: David Miller
Headers show
Series
  • 9p: potential NULL dereference
Related show

Commit Message

Dan Carpenter Sept. 26, 2018, 10:39 a.m. UTC
p9_tag_alloc() is supposed to return error pointers, but we accidentally
return a NULL here.  It would cause a NULL dereference in the caller.

Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Dominique Martinet Sept. 26, 2018, 9:07 p.m. UTC | #1
Dan Carpenter wrote on Wed, Sep 26, 2018:
> p9_tag_alloc() is supposed to return error pointers, but we accidentally
> return a NULL here.  It would cause a NULL dereference in the caller.
> 
> Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Good catch, the culprit commit is only in -next so just adding this to
the queue right away.

Thanks!

Patch
diff mbox series

diff --git a/net/9p/client.c b/net/9p/client.c
index 47fa6158a75a..5f23e18eecc0 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -281,7 +281,7 @@  p9_tag_alloc(struct p9_client *c, int8_t type, unsigned int max_size)
 	int tag;
 
 	if (!req)
-		return NULL;
+		return ERR_PTR(-ENOMEM);
 
 	if (p9_fcall_init(c, &req->tc, alloc_msize))
 		goto free_req;