Dear QCOM AUDIO maintainers,
We encountered an unusual usage of devm_kzalloc while performing a static analysis for kernel code.
https://elixir.bootlin.com/linux/v6.8/source/sound/soc/qcom/lpass-cpu.c#L123...

```
int asoc_qcom_lpass_cpu_platform_probe(struct platform_device *pdev)
{
	...
	drvdata = devm_kzalloc(dev, sizeof(struct lpass_data), GFP_KERNEL);
	if (!drvdata)
		return -ENOMEM;
	...
	/* Allocation for i2sctl regmap fields */
	drvdata->i2sctl = devm_kzalloc(&pdev->dev, sizeof(struct lpaif_i2sctl), GFP_KERNEL);

	/* Initialize bitfields for dai I2SCTL register */
	ret = lpass_cpu_init_i2sctl_bitfields(dev, drvdata->i2sctl, drvdata->lpaif_map);
	if (ret) {
		dev_err(dev, "error init i2sctl field: %d\n", ret);
		return ret;
	}
	...
}
```

```
static int lpass_cpu_init_i2sctl_bitfields(struct device *dev,
			struct lpaif_i2sctl *i2sctl, struct regmap *map)
{
	struct lpass_data *drvdata = dev_get_drvdata(dev);
	const struct lpass_variant *v = drvdata->variant;

	i2sctl->loopback = devm_regmap_field_alloc(dev, map, v->loopback);
	...
}
```

Here devm_kzalloc might return NULL for drvdata->i2sctl if out of memory. Then i2sctl->loopback will cause a segfault since i2sctl is never checked against NULL. Would a NULL check be needed here? Like the drvdata above.
Please let us know if we missed any key information or assumption! We appreciate your time!
Best, Zijie
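
A userspace model of the probe path discussed in the message above, added here as an example; it is not code from the kernel or from the message's author. The `model_*` names, the simplified structs and the fault-injection counter are assumptions. It fails each allocation in turn and shows the probe returning -ENOMEM once the i2sctl allocation is checked before the helper dereferences it.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct lpaif_i2sctl { void *loopback; };            /* simplified stand-ins, */
struct lpass_data { struct lpaif_i2sctl *i2sctl; }; /* not the kernel types  */

/* Fault injection: allocation number fail_at (1-based) fails; 0 = never. */
static int fail_at, alloc_calls;

static void *model_zalloc(size_t size) /* hypothetical stand-in for devm_kzalloc() */
{
	return (++alloc_calls == fail_at) ? NULL : calloc(1, size);
}

static int model_init_i2sctl_bitfields(struct lpaif_i2sctl *i2sctl)
{
	i2sctl->loopback = model_zalloc(sizeof(int)); /* unchecked deref, as quoted */
	return i2sctl->loopback ? 0 : -ENOMEM;
}

static int model_probe_checked(void)
{
	struct lpass_data *drvdata = model_zalloc(sizeof(*drvdata));
	int ret = -ENOMEM;
	if (!drvdata)
		return ret;
	drvdata->i2sctl = model_zalloc(sizeof(*drvdata->i2sctl));
	if (drvdata->i2sctl) { /* the NULL check the message asks about */
		ret = model_init_i2sctl_bitfields(drvdata->i2sctl);
		free(drvdata->i2sctl->loopback);
	}
	free(drvdata->i2sctl); /* devm would release these; the model frees at once */
	free(drvdata);
	return ret;
}

static int probe_with_failure(int n) /* fail allocation n, return probe result */
{
	fail_at = n;
	alloc_calls = 0;
	return model_probe_checked();
}

int main(void)
{
	for (int n = 0; n <= 3; n++)
		printf("fail_at=%d -> %d\n", n, probe_with_failure(n));
	return 0;
}
```

Removing the `if (drvdata->i2sctl)` guard and running with the second allocation failing reproduces the NULL dereference the message describes.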