From: Jesper Juhl <jesper.juhl@gmail.com>
Date: Mon, 25 Sep 2006 23:39:24 +0000 (-0700)
Subject: [PATCH] fix possible NULL ptr deref in forcedeth
X-Git-Tag: firefly_0821_release~32746^2~36
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=46798c897e235e71e1e9c46a5e6e9adfffd8b85d;p=firefly-linux-kernel-4.4.55.git

[PATCH] fix possible NULL ptr deref in forcedeth

There seems to be a possible NULL pointer deref bug in
drivers/net/forcedeth.c::nv_loopback_test().  If dev_alloc_skb() fails, the
next line will call skb_put() with a NULL first argument which it'll then
try to deref - kaboom: a NULL pointer deref.  Found by coverity (#1337).

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Ayaz Abdulla <aabdulla@nvidia.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Stephen Hemminger <shemminger@osdl.org>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
---

diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
index 97db910fbc8c..eea1d66c530e 100644
--- a/drivers/net/forcedeth.c
+++ b/drivers/net/forcedeth.c
@@ -3789,6 +3789,12 @@ static int nv_loopback_test(struct net_device *dev)
 	/* setup packet for tx */
 	pkt_len = ETH_DATA_LEN;
 	tx_skb = dev_alloc_skb(pkt_len);
+	if (!tx_skb) {
+		printk(KERN_ERR "dev_alloc_skb() failed during loopback test"
+			 " of %s\n", dev->name);
+		ret = 0;
+		goto out;
+	}
 	pkt_data = skb_put(tx_skb, pkt_len);
 	for (i = 0; i < pkt_len; i++)
 		pkt_data[i] = (u8)(i & 0xff);
@@ -3853,7 +3859,7 @@ static int nv_loopback_test(struct net_device *dev)
 		       tx_skb->end-tx_skb->data,
 		       PCI_DMA_TODEVICE);
 	dev_kfree_skb_any(tx_skb);
-
+ out:
 	/* stop engines */
 	nv_stop_rx(dev);
 	nv_stop_tx(dev);