summary refs log tree commit diff
diff options
context:
space:
mode:
authorVladimir Motyka <vladimir.motyka@gmail.com>2011-05-11 00:00:43 -0400
committerChris Ball <cjb@laptop.org>2011-05-24 23:53:49 -0400
commitaea253ecffecd38b5ab97edd73fbe2842a7de371 (patch)
tree43ed3d608705c5a7fb5dbdbb8d75efa120f114ba
parentcf2b5eea1ea0ff9b3184bc6771bcb93a9fdcd1d9 (diff)
downloadlinux-aea253ecffecd38b5ab97edd73fbe2842a7de371.tar.gz
mmc: card: fix potential null dereference of 'idata'
When allocation of idata failed there was a null dereference. Also avoid
calling kfree where it isn't needed.

Signed-off-by: Vladimir Motyka <vladimir.motyka@gmail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Diffstat
-rw-r--r--drivers/mmc/card/block.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index 407836d55712..126c7f41c5a3 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -237,24 +237,24 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
 	idata = kzalloc(sizeof(*idata), GFP_KERNEL);
 	if (!idata) {
 		err = -ENOMEM;
-		goto copy_err;
+		goto out;
 	}
 
 	if (copy_from_user(&idata->ic, user, sizeof(idata->ic))) {
 		err = -EFAULT;
-		goto copy_err;
+		goto idata_err;
 	}
 
 	idata->buf_bytes = (u64) idata->ic.blksz * idata->ic.blocks;
 	if (idata->buf_bytes > MMC_IOC_MAX_BYTES) {
 		err = -EOVERFLOW;
-		goto copy_err;
+		goto idata_err;
 	}
 
 	idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL);
 	if (!idata->buf) {
 		err = -ENOMEM;
-		goto copy_err;
+		goto idata_err;
 	}
 
 	if (copy_from_user(idata->buf, (void __user *)(unsigned long)
@@ -267,9 +267,10 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
 
 copy_err:
 	kfree(idata->buf);
+idata_err:
 	kfree(idata);
+out:
 	return ERR_PTR(err);
-
 }
 
 static int mmc_blk_ioctl_cmd(struct block_device *bdev,
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-25 17:15:15 +0000