Bug 106181
| Summary: | there exists a wrong return value of function ezusb_probe() when alloc_orinocodev() fails | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | RUC_Soft_Sec (rucsoftsec) |
| Component: | network-wireless | Assignee: | drivers_network-wireless (drivers_network-wireless) |
| Status: | CLOSED CODE_FIX | ||
| Severity: | normal | CC: | linville |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 4.2 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | 0001-orinoco_usb-return-error-in-ezusb_probe-when-alloc_o.patch | ||
Created attachment 190511 [details]
0001-orinoco_usb-return-error-in-ezusb_probe-when-alloc_o.patch
|
In function ezusb_probe() at drivers/net/wireless/orinoco/orinoco_usb.c:1561, if alloc_orinocodev() at line 1574 fails, ezusb_probe() will return 0 indicating success, because variable 'retval' is assigned 0 at line 1571. But, function ezusb_probe() should propagate the error and return the error to its caller functions. So, when ezusb_probe() fails, the return value 0 is wrong. The related code snippets in ezusb_probe are as following. ezusb_probe @@ drivers/net/wireless/orinoco/orinoco_usb.c:1561 1561 static int ezusb_probe(struct usb_interface *interface, 1562 const struct usb_device_id *id) 1563 { .... 1571 int retval = 0; 1572 int i; 1573 1574 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev, 1575 ezusb_hard_reset, NULL); 1576 if (!priv) { 1577 err("Couldn't allocate orinocodev"); 1578 goto exit; 1579 } ... 1712 exit: 1713 if (fw_entry) { 1714 firmware.code = NULL; 1715 firmware.size = 0; 1716 release_firmware(fw_entry); 1717 } 1718 usb_set_intfdata(interface, upriv); 1719 return retval; 1720 }