Bug 200511 - Potential NULL pointer dereference when kzalloc() fails in drivers/clk/pxa/clk-pxa.c
Status: RESOLVED PATCH_ALREADY_AVAILABLE
Alias: None
Product: Drivers
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: drivers_other
Reported: 2018-07-16 10:58 UTC by Jason Wood
Modified: 2018-09-13 10:40 UTC

Kernel Version: v4.18-rc4
Regression: No

Description Jason Wood 2018-07-16 10:58:52 UTC
The function init_per_cpu(), defined in drivers/clk/pxa/clk-pxa.c, calls kzalloc() to allocate memory for struct pxa_clk, which is dereferenced immediately. As kzalloc() may return NULL when OOM happens, this piece of code may cause a NULL pointer dereference bug. The code related to this bug is shown below.

drivers/clk/pxa/clk-pxa.c:
	for (i = 0; i < nb_clks; i++) {
		/* line 107: the kzalloc() result is used below without a NULL check */
		pxa_clk = kzalloc(sizeof(*pxa_clk), GFP_KERNEL);
		pxa_clk->is_in_low_power = clks[i].is_in_low_power;
		pxa_clk->lp = clks[i].lp;
		pxa_clk->hp = clks[i].hp;
		pxa_clk->gate = clks[i].gate;
		pxa_clk->gate.lock = &pxa_clk_lock;

Thanks for your attention!
JW, ZG
IMChecker Group, THU

Comment 1 Jason Wood 2018-08-16 14:27:10 UTC
Correction: Function `clk_pxa_cken_init()` defined in drivers/clk/pxa/clk-pxa.c rather than `init_per_cpu()`.

Comment 2 Jason Wood 2018-09-13 10:40:28 UTC
We have sent the patch to the developers. Currently, we're formatting the patch according to the Linux development documentation.
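
A userspace model of the missing check, added here as an illustration; it is not the driver's code or the patch the reporters sent. `model_kzalloc`, `model_kfree`, `clk_init_checked` and the two structs are hypothetical stand-ins, and freeing the earlier allocations when one fails is this example's assumption about cleanup.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed stand-ins for the clks[] entries and struct pxa_clk. */
struct clk_desc { int lp, hp; };
struct pxa_clk_model { int lp, hp; };

static int fail_at = -1;   /* fault injection: index of the allocation that fails */
static int alloc_count, live_allocs;

/* Models kzalloc(): zeroed memory, or NULL when the injected failure fires. */
static void *model_kzalloc(size_t size)
{
	void *p = (alloc_count++ == fail_at) ? NULL : calloc(1, size);
	if (p)
		live_allocs++;
	return p;
}

static void model_kfree(void *p)
{
	if (p)
		live_allocs--;
	free(p);
}

/* Checks each allocation; on failure frees earlier ones and returns -ENOMEM. */
int clk_init_checked(const struct clk_desc *clks, int nb_clks,
		     struct pxa_clk_model **out)
{
	int i;
	for (i = 0; i < nb_clks; i++) {
		struct pxa_clk_model *pxa_clk = model_kzalloc(sizeof(*pxa_clk));
		if (!pxa_clk)
			goto err_unwind;   /* never dereference a failed allocation */
		pxa_clk->lp = clks[i].lp;
		pxa_clk->hp = clks[i].hp;
		out[i] = pxa_clk;
	}
	return 0;

err_unwind:
	while (--i >= 0) {
		model_kfree(out[i]);
		out[i] = NULL;
	}
	return -ENOMEM;
}
```

Setting `fail_at` to an index inside the loop range exercises the error path that a normal boot rarely reaches.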
