On 2019/1/31 2:10, David Miller wrote:

From: YueHaibing <redacted>
Date: Wed, 30 Jan 2019 18:19:02 +0800

quoted

There is a potential NULL pointer dereference in case
kzalloc() fails and returns NULL.

Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
Signed-off-by: YueHaibing <redacted>
---
 drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index 124ff53..5660d5a 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c

@@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
 	int i;
 
 	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
+	if (!phi)
+		return;

If we fail with an error and do not perform the operation we were requested to
make, we must return an error to the caller, and the caller must do something
reasonable with that error (perhaps return it to it's caller) and so on and
so forth.

hfcsusb_ph_info alloced the 'phi'，then use it _alloc_mISDN_skb in _queue_data.
while _alloc_mISDN_skb fails, it also just return without err handling,then kfree(phi).
It seems that all the caller of hfcsusb_ph_info doesn't care the return value.

.