sound: usb: usx2y: is it a null pointer deference in function usX2Y_rate_set?
亿一
teroincn at gmail.com
Mon Apr 20 09:22:11 CEST 2020
Hi, all:
when reviewing function usX2Y_rate_set, here may exist a NULL
pointer deference if kmalloc_array failed or usb_alloc_urb failed,
in cleanup, we should judge whether us->urb[i] is NULL first.
static int usX2Y_rate_set(struct usX2Ydev *usX2Y, int rate)
{
us = kzalloc(sizeof(*us) + sizeof(struct urb*) *
NOOF_SETRATE_URBS, GFP_KERNEL);
if (NULL == us) {
err = -ENOMEM;
goto cleanup;
}
usbdata = kmalloc_array(NOOF_SETRATE_URBS, sizeof(int),
GFP_KERNEL);
if (NULL == usbdata) {
err = -ENOMEM;
goto cleanup;
}
for (i = 0; i < NOOF_SETRATE_URBS; ++i) {
if (NULL == (us->urb[i] = usb_alloc_urb(0, GFP_KERNEL))) {
err = -ENOMEM;
goto cleanup;
}
...
}
...
cleanup:
if (us) {
us->submitted = 2*NOOF_SETRATE_URBS;
for (i = 0; i < NOOF_SETRATE_URBS; ++i) {
struct urb *urb = us->urb[i];
if (urb->status) {
if (!err)
err = -ENODEV;
usb_kill_urb(urb);
}
usb_free_urb(urb);
More information about the Alsa-devel
mailing list