3.16.47-rc1 review patch. If anyone has any objections, please let me know.
------------------ From: Pan Bian <[email protected]> commit 8b20839988f1ed5e534b270f3776709b640dc7e0 upstream. Function devm_kzalloc() will return a NULL pointer. However, in function isp1704_charger_probe(), the return value of devm_kzalloc() is directly used without validation. This may result in a bad memory access bug. Fixes: 34a109610e2a ("isp1704_charger: Add DT support") Signed-off-by: Pan Bian <[email protected]> Reviewed-by: Pali Rohár <[email protected]> Signed-off-by: Sebastian Reichel <[email protected]> [bwh: Backported to 3.16: adjust filename] Signed-off-by: Ben Hutchings <[email protected]> --- drivers/power/isp1704_charger.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/power/isp1704_charger.c +++ b/drivers/power/isp1704_charger.c @@ -415,6 +415,10 @@ static int isp1704_charger_probe(struct pdata = devm_kzalloc(&pdev->dev, sizeof(struct isp1704_charger_data), GFP_KERNEL); + if (!pdata) { + ret = -ENOMEM; + goto fail0; + } pdata->enable_gpio = gpio; dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);
