From 7e2b0aaec6335104866f9e31788a8aab7a9045e5 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Sat, 8 Apr 2017 11:07:30 -0500 Subject: [PATCH] staging: rtl8723bs: Fix potential usage while NULL error in hal/rtl8723b_hal_init.c Smatch logs the following: CHECK drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c:518 rtl8723b_FirmwareDownload() error: we previously assumed 'pFirmware' could be null (see line 382) Fixing this error required a rewrite of the error exits from this routine. Signed-off-by: Larry Finger Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
index b7f6dc7ce318..d40ad03e99a3 100644
--- a/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
+++ b/drivers/staging/rtl8723bs/hal/rtl8723b_hal_init.c
@@ -377,13 +377,13 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
 RT_TRACE(_module_hal_init_c_, _drv_notice_, ("+%s, bUsedWoWLANFw:%d\n", __func__, bUsedWoWLANFw));
 #endif
 pFirmware = kzalloc(sizeof(struct rt_firmware), GFP_KERNEL);
+ if (!pFirmware)
+ return _FAIL;
 pBTFirmware = kzalloc(sizeof(struct rt_firmware), GFP_KERNEL);
-
- if (!pFirmware || !pBTFirmware) {
- rtStatus = _FAIL;
- goto exit;
+ if (!pBTFirmware) {
+ kfree(pFirmware);
+ return _FAIL;
 }
-
 tmp_ps = rtw_read8(padapter, 0xa3);
 tmp_ps &= 0xf8;
 tmp_ps |= 0x02;
@@ -441,7 +441,7 @@ s32 rtl8723b_FirmwareDownload(struct adapter *padapter, bool bUsedWoWLANFw)
 if (pFirmware->ulFwLength > FW_8723B_SIZE) {
 rtStatus = _FAIL;
 DBG_871X_LEVEL(_drv_emerg_, "Firmware size:%u exceed %u\n", pFirmware->ulFwLength, FW_8723B_SIZE);
- goto exit;
+ goto release_fw1;
 }
 pFirmwareBuf = pFirmware->szFwBuffer;
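Review bot: The new `goto release_fw1;` in the firmware-size check (second hunk) leaks `pFirmware`, because the third hunk places the `release_fw1:` label after `kfree(pFirmware->szFwBuffer); kfree(pFirmware);` and so this path skips both calls. `pFirmware` cannot be NULL at that point: the branch itself reads `pFirmware->ulFwLength`, and the first hunk now returns early when either allocation fails. That means the original `goto exit;` was already safe, so I would keep it and drop the `release_fw1:` label altogether. Whether `szFwBuffer` has been allocated by then is not visible in these hunks, but if it has, that buffer is lost too each time an oversized image is rejected. The function body continues outside the hunks shown.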
@@ -517,6 +517,7 @@ fwdl_stat:
 exit:
 kfree(pFirmware->szFwBuffer);
 kfree(pFirmware);
+release_fw1:
 kfree(pBTFirmware);
 DBG_871X(" <=== rtl8723b_FirmwareDownload()\n");
 return rtStatus;
-- 2.30.2