Bug 200511
| Summary: | Potential NULL pointer dereference when kzalloc() fails in drivers/clk/pxa/clk-pxa.c | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Jason Wood (jasonwood2031) |
| Component: | Other | Assignee: | drivers_other |
| Status: | RESOLVED PATCH_ALREADY_AVAILABLE | ||
| Severity: | normal | ||
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | v4.18-rc4 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Correction: Function `clk_pxa_cken_init()` defined in drivers/clk/pxa/clk-pxa.c rather than `init_per_cpu()` We have sent the patch to the developers. Currently, we're formatting the patch according to the Linux development documentation. |
Function init_per_cpu() defined in drivers/clk/pxa/clk-pxa.c calls kzalloc() to allocate memory for struct pxa_clk which is dereferenced immediately. As kzalloc() may return NULL when OOM happens, this code piece may cause NULL pointer dereference bug. Codes related to this bug are shown as follows. drivers/clk/pxa/clk-pxa.c: 106 for (i = 0; i < nb_clks; i++) { 107: pxa_clk = kzalloc(sizeof(*pxa_clk), GFP_KERNEL); 108 pxa_clk->is_in_low_power = clks[i].is_in_low_power; 109 pxa_clk->lp = clks[i].lp; 110 pxa_clk->hp = clks[i].hp; 111 pxa_clk->gate = clks[i].gate; 112 pxa_clk->gate.lock = &pxa_clk_lock; Thanks for attention! JW, ZG IMChecker Group, THU