From: YueHaibing <redacted>
Date: Thu, 31 Jan 2019 17:41:46 +0800

On 2019/1/31 2:10, David Miller wrote:

quoted

From: YueHaibing <redacted>
Date: Wed, 30 Jan 2019 18:19:02 +0800

quoted

There is a potential NULL pointer dereference in case
kzalloc() fails and returns NULL.

Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
Signed-off-by: YueHaibing <redacted>
---
 drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index 124ff53..5660d5a 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c

@@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
 	int i;
 
 	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
+	if (!phi)
+		return;

If we fail with an error and do not perform the operation we were requested to
make, we must return an error to the caller, and the caller must do something
reasonable with that error (perhaps return it to it's caller) and so on and
so forth.

hfcsusb_ph_info alloced the 'phi'，then use it _alloc_mISDN_skb in _queue_data.
while _alloc_mISDN_skb fails, it also just return without err handling,then kfree(phi).
It seems that all the caller of hfcsusb_ph_info doesn't care the return value.

And that's a bug!