libceph: potential NULL dereference in ceph_msg_data_create()

If kmem_cache_zalloc() returns NULL then the INIT_LIST_HEAD(&data->links); will Oops. The callers aren't really prepared for NULL returns so it doesn't make a lot of difference in real life. Fixes: 5240d9f9 ("libceph: replace message data pointer with list") Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com>

libceph: potential NULL dereference in ceph_msg_data_create()
If kmem_cache_zalloc() returns NULL then the INIT_LIST_HEAD(&data->links); will Oops. The callers aren't really prepared for NULL returns so it doesn't make a lot of difference in real life. Fixes: 5240d9f9 ("libceph: replace message data pointer with list") Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com>
7c40b22f · Dan Carpenter · Ilya Dryomov · 84583cfb · 7c40b22f
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

net/ceph/messenger.c net/ceph/messenger.c +4 -2

未找到文件。
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -3203,8 +3203,10 @@ static struct ceph_msg_data *ceph_msg_data_create(enum ceph_msg_data_type type)
 		return NULL;

 	data = kmem_cache_zalloc(ceph_msg_data_cache, GFP_NOFS);
-	if (data)
-		data->type = type;
+	if (!data)
+		return NULL;
+
+	data->type = type;
 	INIT_LIST_HEAD(&data->links);

 	return data;