99 lines
2.8 KiB
Diff
99 lines
2.8 KiB
Diff
From acd147cb884f170ddac027881a9b4bb12a36ee2e Mon Sep 17 00:00:00 2001
|
|
From: geruijun <geruijun@huawei.com>
|
|
Date: Wed, 16 Mar 2022 01:36:22 +0800
|
|
Subject: [PATCH 4/4] Check return value of scsi_malloc in order to avoid
|
|
dereferencing NULL return value.
|
|
|
|
Signed-off-by: geruijun <geruijun@huawei.com>
|
|
---
|
|
lib/scsi-lowlevel.c | 30 ++++++++++++++++++++++++++++++
|
|
1 file changed, 30 insertions(+)
|
|
|
|
diff --git a/lib/scsi-lowlevel.c b/lib/scsi-lowlevel.c
|
|
index 4039cea..0161852 100644
|
|
--- a/lib/scsi-lowlevel.c
|
|
+++ b/lib/scsi-lowlevel.c
|
|
@@ -2912,9 +2912,15 @@ scsi_modesense_marshall_caching(struct scsi_task *task,
|
|
struct scsi_data *data;
|
|
|
|
data = scsi_malloc(task, sizeof(struct scsi_data));
|
|
+ if (data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->size = 20 + hdr_size;
|
|
data->data = scsi_malloc(task, data->size);
|
|
+ if (data->data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
if (mp->caching.ic) data->data[hdr_size + 2] |= 0x80;
|
|
if (mp->caching.abpf) data->data[hdr_size + 2] |= 0x40;
|
|
@@ -2953,9 +2959,15 @@ scsi_modesense_marshall_control(struct scsi_task *task,
|
|
struct scsi_data *data;
|
|
|
|
data = scsi_malloc(task, sizeof(struct scsi_data));
|
|
+ if (data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->size = 12 + hdr_size;
|
|
data->data = scsi_malloc(task, data->size);
|
|
+ if (data->data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->data[hdr_size + 2] |= (mp->control.tst << 5) & 0xe0;
|
|
if (mp->control.tmf_only) data->data[hdr_size + 2] |= 0x10;
|
|
@@ -2993,9 +3005,15 @@ scsi_modesense_marshall_power_condition(struct scsi_task *task,
|
|
struct scsi_data *data;
|
|
|
|
data = scsi_malloc(task, sizeof(struct scsi_data));
|
|
+ if (data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->size = 40 + hdr_size;
|
|
data->data = scsi_malloc(task, data->size);
|
|
+ if (data->data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->data[hdr_size + 2] |=
|
|
(mp->power_condition.pm_bg_precedence << 6) & 0xc0;
|
|
@@ -3035,9 +3053,15 @@ scsi_modesense_marshall_disconnect_reconnect(struct scsi_task *task,
|
|
struct scsi_data *data;
|
|
|
|
data = scsi_malloc(task, sizeof(struct scsi_data));
|
|
+ if (data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->size = 16 + hdr_size;
|
|
data->data = scsi_malloc(task, data->size);
|
|
+ if (data->data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->data[hdr_size + 2] = mp->disconnect_reconnect.buffer_full_ratio;
|
|
data->data[hdr_size + 3] = mp->disconnect_reconnect.buffer_empty_ratio;
|
|
@@ -3064,9 +3088,15 @@ scsi_modesense_marshall_informational_exceptions_control(struct scsi_task *task,
|
|
struct scsi_data *data;
|
|
|
|
data = scsi_malloc(task, sizeof(struct scsi_data));
|
|
+ if (data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
data->size = 12 + hdr_size;
|
|
data->data = scsi_malloc(task, data->size);
|
|
+ if (data->data == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
|
|
if (mp->iec.perf) data->data[hdr_size + 2] |= 0x80;
|
|
if (mp->iec.ebf) data->data[hdr_size + 2] |= 0x20;
|
|
--
|
|
1.8.3.1
|
|
|