tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

ASoC: sma1307: Add NULL check in sma1307_setting_loaded()

All varibale allocated by kzalloc and devm_kzalloc could be NULL.
Multiple pointer checks and their cleanup are added.

This issue is found by our static analysis tool

Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
Link: https://patch.msgid.link/20250311015714.1333857-1-chenyuan0y@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>

authored by

Chenyuan Yang and committed by
Mark Brown 0ec6bd16 f37ab219

+28
+28
sound/soc/codecs/sma1307.c
··· 1723 1723 } 1724 1724 1725 1725 data = kzalloc(fw->size, GFP_KERNEL); 1726 + if (!data) { 1727 + release_firmware(fw); 1728 + sma1307->set.status = false; 1729 + return; 1730 + } 1726 1731 size = fw->size >> 2; 1727 1732 memcpy(data, fw->data, fw->size); 1728 1733 ··· 1741 1736 sma1307->set.header = devm_kzalloc(sma1307->dev, 1742 1737 sma1307->set.header_size, 1743 1738 GFP_KERNEL); 1739 + if (!sma1307->set.header) { 1740 + kfree(data); 1741 + sma1307->set.status = false; 1742 + return; 1743 + } 1744 + 1744 1745 memcpy(sma1307->set.header, data, 1745 1746 sma1307->set.header_size * sizeof(int)); 1746 1747 ··· 1762 1751 sma1307->set.def 1763 1752 = devm_kzalloc(sma1307->dev, 1764 1753 sma1307->set.def_size * sizeof(int), GFP_KERNEL); 1754 + if (!sma1307->set.def) { 1755 + kfree(data); 1756 + kfree(sma1307->set.header); 1757 + sma1307->set.status = false; 1758 + return; 1759 + } 1760 + 1765 1761 memcpy(sma1307->set.def, 1766 1762 &data[sma1307->set.header_size], 1767 1763 sma1307->set.def_size * sizeof(int)); ··· 1781 1763 = devm_kzalloc(sma1307->dev, 1782 1764 sma1307->set.mode_size * 2 * sizeof(int), 1783 1765 GFP_KERNEL); 1766 + if (!sma1307->set.mode_set[i]) { 1767 + kfree(data); 1768 + kfree(sma1307->set.header); 1769 + kfree(sma1307->set.def); 1770 + for (int j = 0; j < i; j++) 1771 + kfree(sma1307->set.mode_set[j]); 1772 + sma1307->set.status = false; 1773 + return; 1774 + } 1775 + 1784 1776 for (int j = 0; j < sma1307->set.mode_size; j++) { 1785 1777 sma1307->set.mode_set[i][2 * j] 1786 1778 = data[offset + ((num_mode + 1) * j)];