Re: [PATCH] binder: check for binder_thread allocation failure in binder_poll()

Looks good to me. On Tue, Jan 30, 2018 at 11:11 PM, Eric Biggers wrote: > From: Eric Biggers > > If the kzalloc() in binder_get_thread() fails, binder_poll() > dereferences the resulting NULL pointer. > > Fix it by returning POLLERR if the memory allocation failed. > > This bug was found by syzk

[PATCH] binder: check for binder_thread allocation failure in binder_poll()

From: Eric Biggers If the kzalloc() in binder_get_thread() fails, binder_poll() dereferences the resulting NULL pointer. Fix it by returning POLLERR if the memory allocation failed. This bug was found by syzkaller using fault injection. Reported-by: syzbot Fixes: 457b9a6f09f0 ("Staging: andro