From 4640a3f2bff64b808bdedadcddf882aa4606f374 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 20 Jun 2013 11:10:18 +0300 Subject: [PATCH] FMC: fix error handling in probe() function The call to kzalloc() wasn't checked. The dev_info() message dereferenced freed memory on error. Signed-off-by: Dan Carpenter Acked-by: Alessandro Rubini Signed-off-by: Greg Kroah-Hartman --- drivers/fmc/fmc-chardev.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/fmc/fmc-chardev.c b/drivers/fmc/fmc-chardev.c index b0710393ede6..cc031db2d2a3 100644 --- a/drivers/fmc/fmc-chardev.c +++ b/drivers/fmc/fmc-chardev.c @@ -136,6 +136,8 @@ static int fc_probe(struct fmc_device *fmc) /* Create a char device: we want to create it anew */ fc = kzalloc(sizeof(*fc), GFP_KERNEL); + if (!fc) + return -ENOMEM; fc->fmc = fmc; fc->misc.minor = MISC_DYNAMIC_MINOR; fc->misc.fops = &fc_fops; @@ -143,15 +145,18 @@ static int fc_probe(struct fmc_device *fmc) spin_lock(&fc_lock); ret = misc_register(&fc->misc); - if (ret < 0) { - kfree(fc->misc.name); - kfree(fc); - } else { - list_add(&fc->list, &fc_devices); - } + if (ret < 0) + goto err_unlock; + list_add(&fc->list, &fc_devices); spin_unlock(&fc_lock); dev_info(&fc->fmc->dev, "Created misc device \"%s\"\n", fc->misc.name); + return 0; + +err_unlock: + spin_unlock(&fc_lock); + kfree(fc->misc.name); + kfree(fc); return ret; } -- GitLab