* [PATCH] staging: r8188eu: Fix potential memory leak or NULL dereference
@ 2021-08-06 21:32 Larry Finger
0 siblings, 0 replies; only message in thread
From: Larry Finger @ 2021-08-06 21:32 UTC (permalink / raw)
To: gregkh; +Cc: phil, linux-staging, linux-kernel, Larry Finger, Dan Carpenter
In routine c2h_wk_callback(() following a kmalloc() call, the
error recovery is flawed. If the kmalloc() returns a pointer
that is not NULL, and the following c2h_evt_read() fails, the
code will leak that buffer. If the kmalloc() fails, a NULL
dereference will occur in the following code.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
---
drivers/staging/r8188eu/core/rtw_cmd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/r8188eu/core/rtw_cmd.c b/drivers/staging/r8188eu/core/rtw_cmd.c
index c3a9051ca10c..238ae79f4141 100644
--- a/drivers/staging/r8188eu/core/rtw_cmd.c
+++ b/drivers/staging/r8188eu/core/rtw_cmd.c
@@ -1908,8 +1908,12 @@ static void c2h_wk_callback(struct work_struct *work)
c2h_evt = kmalloc(16, GFP_KERNEL);
if (c2h_evt) {
/* This C2H event is not read, read & clear now */
- if (c2h_evt_read(adapter, (u8 *)c2h_evt) != _SUCCESS)
+ if (c2h_evt_read(adapter, (u8 *)c2h_evt) != _SUCCESS) {
+ kfree(c2h_evt);
continue;
+ }
+ } else {
+ return;
}
}
--
2.32.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-06 21:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-06 21:32 [PATCH] staging: r8188eu: Fix potential memory leak or NULL dereference Larry Finger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.