SVACE reports that the return value of the function 'usb_alloc_urb' is dereferenced without checking for null in 5.10 stable releases. The problem has been fixed by the following patch, which can be cleanly applied to the 5.10 branch.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
From: Dinghao Liu dinghao.liu@zju.edu.cn
commit 4d5f81506835f7c1e5c71787bed84984faf05884 upstream.
There is an allocation for priv->rx_urb[16] that has no null check, which may lead to a null pointer dereference.
Signed-off-by: Dinghao Liu dinghao.liu@zju.edu.cn
Link: https://lore.kernel.org/r/20201226080258.6576-1-dinghao.liu@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Danila Chernetsov listdansp@mail.ru
---
 drivers/staging/rtl8192u/r8192U_core.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c index 7f90af8a7c7c..e0fec7d172da 100644 --- a/drivers/staging/rtl8192u/r8192U_core.c +++ b/drivers/staging/rtl8192u/r8192U_core.c @@ -1608,6 +1608,8 @@ static short rtl8192_usb_initendpoints(struct net_device *dev) void *oldaddr, *newaddr;
priv->rx_urb[16] = usb_alloc_urb(0, GFP_KERNEL); + if (!priv->rx_urb[16]) + return -ENOMEM; priv->oldaddr = kmalloc(16, GFP_KERNEL); if (!priv->oldaddr) return -ENOMEM;
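Review bot: The new early return at "if (!priv->rx_urb[16]) return -ENOMEM;" leaves rtl8192_usb_initendpoints() with no visible unwind, and the existing kmalloc check directly below it has the same shape: if priv->oldaddr fails to allocate, the function returns -ENOMEM while priv->rx_urb[16] is still allocated. The hunk does not show whether the caller releases these on error. If it does not, route both failure returns through a shared error label that calls usb_free_urb() on the URB before returning, and say in the commit message which path is responsible for cleanup.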
On Thu, Mar 30, 2023 at 08:11:07PM +0000, Danila Chernetsov wrote:
From: Dinghao Liu dinghao.liu@zju.edu.cn
commit 4d5f81506835f7c1e5c71787bed84984faf05884 upstream.
There is an allocation for priv->rx_urb[16] that has no null check, which may lead to a null pointer dereference.
Signed-off-by: Dinghao Liu dinghao.liu@zju.edu.cn
Link: https://lore.kernel.org/r/20201226080258.6576-1-dinghao.liu@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Danila Chernetsov listdansp@mail.ru
 drivers/staging/rtl8192u/r8192U_core.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c index 7f90af8a7c7c..e0fec7d172da 100644 --- a/drivers/staging/rtl8192u/r8192U_core.c +++ b/drivers/staging/rtl8192u/r8192U_core.c @@ -1608,6 +1608,8 @@ static short rtl8192_usb_initendpoints(struct net_device *dev) void *oldaddr, *newaddr; priv->rx_urb[16] = usb_alloc_urb(0, GFP_KERNEL);
if (!priv->rx_urb[16])
return -ENOMEM;
This was not marked for stable as it's impossible to hit in real life. So absent that, it's not needed in any stable kernel tree, unless you can prove otherwise?
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org