mISDN: Fix null pointer dereference at mISDN_FsmNew
If mISDN_FsmNew() fails to allocate memory for jumpmatrix then null pointer dereference will occur on any write to jumpmatrix. The patch adds check on successful allocation and corresponding error handling. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Anton Vasilyev
committed by
David S. Miller
David S. Miller
父節點
bb3afda4fc
當前提交
54a6a043fb
@@ -26,7 +26,7 @@
|
||||
|
||||
#define FSM_TIMER_DEBUG 0
|
||||
|
||||
void
|
||||
int
|
||||
mISDN_FsmNew(struct Fsm *fsm,
|
||||
struct FsmNode *fnlist, int fncount)
|
||||
{
|
||||
@@ -34,6 +34,8 @@ mISDN_FsmNew(struct Fsm *fsm,
|
||||
|
||||
fsm->jumpmatrix = kzalloc(sizeof(FSMFNPTR) * fsm->state_count *
|
||||
fsm->event_count, GFP_KERNEL);
|
||||
if (fsm->jumpmatrix == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
for (i = 0; i < fncount; i++)
|
||||
if ((fnlist[i].state >= fsm->state_count) ||
|
||||
@@ -45,6 +47,7 @@ mISDN_FsmNew(struct Fsm *fsm,
|
||||
} else
|
||||
fsm->jumpmatrix[fsm->state_count * fnlist[i].event +
|
||||
fnlist[i].state] = (FSMFNPTR) fnlist[i].routine;
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(mISDN_FsmNew);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user