drivers/staging/ced1401/ced_ioc.c:918 GetTransfer() error: potential null dereference 'tx'. (kzalloc returns null)
Fengguang Wu
fengguang.wu at intel.com
Wed Nov 7 05:05:25 EST 2012
Hi Arnd,
FYI, there are new smatch warnings show up in
tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc.git testing/defconfig-warnings
head: ee68ab14f293996cc746aeb016fd2c124e2914f0
commit: 47b83e2bd41f9cc656b7b933cefec484f4d12026 Fix potential stack overflow locations
date: 2 hours ago
drivers/staging/ced1401/ced_ioc.c:875 WaitEvent() warn: inconsistent returns mutex:&pdx->io_mutex: locked (853) unlocked (841,875)
+ drivers/staging/ced1401/ced_ioc.c:918 GetTransfer() error: potential null dereference 'tx'. (kzalloc returns null)
drivers/staging/ced1401/ced_ioc.c:1079 CheckSelfTest() warn: check that 'gst.code' doesn't leak information
drivers/staging/ced1401/ced_ioc.c:1515 FreeCircBlock() warn: inconsistent returns mutex:&pdx->io_mutex: locked (1512) unlocked (1424,1515)
--
drivers/staging/wlan-ng/hfa384x_usb.c:3517 hfa384x_usbin_rx() error: potential NULL dereference 'rxmeta'.
drivers/staging/wlan-ng/prism2fw.c:594 mkpdrlist() error: buffer overflow 'pda16' 512 <= 512
drivers/staging/wlan-ng/prism2fw.c:635 mkpdrlist() error: buffer overflow 'pda16' 512 <= 512
+ drivers/staging/wlan-ng/prism2fw.c:773 read_cardpda() error: potential null dereference 'msg'. (kmalloc returns null)
--
drivers/misc/lkdtm.c:268 recursive_loop() warn: 'buf' puts 512 bytes on stack
+ drivers/misc/lkdtm.c:270 recursive_loop() error: __builtin_memset() 'buf' too small (512 vs 1024)
drivers/misc/lkdtm.c:301 lkdtm_do_action() error: buffer overflow 'p' 8 <= 12
drivers/misc/lkdtm.c:320 lkdtm_do_action() error: potential null dereference 'data'. (kmalloc returns null)
drivers/misc/lkdtm.c:320 lkdtm_do_action() error: buffer overflow 'data' 255 <= 256
vim +918 +/tx drivers/staging/ced1401/ced_ioc.c
2eae6bdc Alois Schlögl 2012-09-17 902 ** GetTransferInfo
2eae6bdc Alois Schlögl 2012-09-17 903 ** Puts the current state of the 1401 in a TGET_TX_BLOCK.
2eae6bdc Alois Schlögl 2012-09-17 904 *****************************************************************************/
cd915200 Greg Kroah-Hartman 2012-09-17 905 int GetTransfer(DEVICE_EXTENSION * pdx, TGET_TX_BLOCK __user * pTX)
2eae6bdc Alois Schlögl 2012-09-17 906 {
cd915200 Greg Kroah-Hartman 2012-09-17 907 int iReturn = U14ERR_NOERROR;
cd915200 Greg Kroah-Hartman 2012-09-17 908 unsigned int dwIdent;
cd915200 Greg Kroah-Hartman 2012-09-17 909
cd915200 Greg Kroah-Hartman 2012-09-17 910 mutex_lock(&pdx->io_mutex);
cd915200 Greg Kroah-Hartman 2012-09-17 911 dwIdent = pdx->StagedId; // area ident for last xfer
cd915200 Greg Kroah-Hartman 2012-09-17 912 if (dwIdent >= MAX_TRANSAREAS)
cd915200 Greg Kroah-Hartman 2012-09-17 913 iReturn = U14ERR_BADAREA;
cd915200 Greg Kroah-Hartman 2012-09-17 914 else {
cd915200 Greg Kroah-Hartman 2012-09-17 915 // Return the best information we have - we don't have physical addresses
47b83e2b Arnd Bergmann 2012-10-16 916 TGET_TX_BLOCK *tx;
47b83e2b Arnd Bergmann 2012-10-16 917 tx = kzalloc(sizeof *tx, GFP_KERNEL);
47b83e2b Arnd Bergmann 2012-10-16 @918 tx->size = pdx->rTransDef[dwIdent].dwLength;
47b83e2b Arnd Bergmann 2012-10-16 919 tx->linear = (long long)((long)pdx->rTransDef[dwIdent].lpvBuff);
47b83e2b Arnd Bergmann 2012-10-16 920 tx->avail = GET_TX_MAXENTRIES; // how many blocks we could return
47b83e2b Arnd Bergmann 2012-10-16 921 tx->used = 1; // number we actually return
47b83e2b Arnd Bergmann 2012-10-16 922 tx->entries[0].physical =
47b83e2b Arnd Bergmann 2012-10-16 923 (long long)(tx->linear + pdx->StagedOffset);
47b83e2b Arnd Bergmann 2012-10-16 924 tx->entries[0].size = tx->size;
47b83e2b Arnd Bergmann 2012-10-16 925
47b83e2b Arnd Bergmann 2012-10-16 926 if (copy_to_user(pTX, tx, sizeof(*tx)))
---
0-DAY kernel build testing backend Open Source Technology Center
Fengguang Wu, Yuanhan Liu Intel Corporation
More information about the linux-arm-kernel
mailing list