Commit ee9d7a0e authored by ruanjinjie's avatar ruanjinjie Committed by Rob Herring

of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()

When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will
be NULL, and strcmp() will cause null pointer dereference.

Fixes: 2fe0e876 ("of: overlay: check prevents multiple fragments touching same property")
Signed-off-by: default avatarruanjinjie <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20221211023337.592266-1-ruanjinjie@huawei.comSigned-off-by: default avatarRob Herring <robh@kernel.org>
parent 03871060
...@@ -545,7 +545,7 @@ static int find_dup_cset_node_entry(struct overlay_changeset *ovcs, ...@@ -545,7 +545,7 @@ static int find_dup_cset_node_entry(struct overlay_changeset *ovcs,
fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np); fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np); fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
node_path_match = !strcmp(fn_1, fn_2); node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
kfree(fn_1); kfree(fn_1);
kfree(fn_2); kfree(fn_2);
if (node_path_match) { if (node_path_match) {
...@@ -580,7 +580,7 @@ static int find_dup_cset_prop(struct overlay_changeset *ovcs, ...@@ -580,7 +580,7 @@ static int find_dup_cset_prop(struct overlay_changeset *ovcs,
fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np); fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np); fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
node_path_match = !strcmp(fn_1, fn_2); node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
kfree(fn_1); kfree(fn_1);
kfree(fn_2); kfree(fn_2);
if (node_path_match && if (node_path_match &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment