Skip to content

Commit 0ec6bd1

Browse files
WhiteFox-Projectbroonie
WhiteFox-Project
authored and
broonie
committed
ASoC: sma1307: Add NULL check in sma1307_setting_loaded()
All varibale allocated by kzalloc and devm_kzalloc could be NULL. Multiple pointer checks and their cleanup are added. This issue is found by our static analysis tool Signed-off-by: Chenyuan Yang <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Mark Brown <[email protected]>
1 parent f37ab21 commit 0ec6bd1

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

sound/soc/codecs/sma1307.c

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1723,6 +1723,11 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
17231723
}
17241724

17251725
data = kzalloc(fw->size, GFP_KERNEL);
1726+
if (!data) {
1727+
release_firmware(fw);
1728+
sma1307->set.status = false;
1729+
return;
1730+
}
17261731
size = fw->size >> 2;
17271732
memcpy(data, fw->data, fw->size);
17281733

@@ -1736,6 +1741,12 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
17361741
sma1307->set.header = devm_kzalloc(sma1307->dev,
17371742
sma1307->set.header_size,
17381743
GFP_KERNEL);
1744+
if (!sma1307->set.header) {
1745+
kfree(data);
1746+
sma1307->set.status = false;
1747+
return;
1748+
}
1749+
17391750
memcpy(sma1307->set.header, data,
17401751
sma1307->set.header_size * sizeof(int));
17411752

@@ -1751,6 +1762,13 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
17511762
sma1307->set.def
17521763
= devm_kzalloc(sma1307->dev,
17531764
sma1307->set.def_size * sizeof(int), GFP_KERNEL);
1765+
if (!sma1307->set.def) {
1766+
kfree(data);
1767+
kfree(sma1307->set.header);
1768+
sma1307->set.status = false;
1769+
return;
1770+
}
1771+
17541772
memcpy(sma1307->set.def,
17551773
&data[sma1307->set.header_size],
17561774
sma1307->set.def_size * sizeof(int));
@@ -1763,6 +1781,16 @@ static void sma1307_setting_loaded(struct sma1307_priv *sma1307, const char *fil
17631781
= devm_kzalloc(sma1307->dev,
17641782
sma1307->set.mode_size * 2 * sizeof(int),
17651783
GFP_KERNEL);
1784+
if (!sma1307->set.mode_set[i]) {
1785+
kfree(data);
1786+
kfree(sma1307->set.header);
1787+
kfree(sma1307->set.def);
1788+
for (int j = 0; j < i; j++)
1789+
kfree(sma1307->set.mode_set[j]);
1790+
sma1307->set.status = false;
1791+
return;
1792+
}
1793+
17661794
for (int j = 0; j < sma1307->set.mode_size; j++) {
17671795
sma1307->set.mode_set[i][2 * j]
17681796
= data[offset + ((num_mode + 1) * j)];

0 commit comments

Comments
 (0)