[v2,09/11] malloc: check result of malloc_elem_free
Commit Message
From: Sinan Kaya <okaya@kernel.org>
In malloc_heap_free result of call to malloc_elem_free is dereferenced
here and may be null.
Signed-off-by: Sinan Kaya <okaya@kernel.org>
---
lib/eal/common/malloc_heap.c | 3 +++
1 file changed, 3 insertions(+)
Comments
2022-11-21 17:32 (UTC-0500), okaya@kernel.org:
> From: Sinan Kaya <okaya@kernel.org>
>
> In malloc_heap_free result of call to malloc_elem_free is dereferenced
> here and may be null.
It may not: "malloc_elem_free()" never returns NULL by definition:
it takes a valid busy element and returns a valid free element.
How about annotating the function instead?
@@ -892,6 +892,9 @@ malloc_heap_free(struct malloc_elem *elem)
/* anything after this is a bonus */
ret = 0;
+ if (elem == NULL)
+ goto free_unlock;
+
/* ...of which we can't avail if we are in legacy mode, or if this is an
* externally allocated segment.
*/
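Review bot: the NULL check is placed after `ret = 0;`, so if `elem` were NULL at this point the `goto free_unlock` path would leave with the success value already in `ret`, and the caller would not learn that anything went wrong. If the check is kept, move it above `ret = 0;`, next to the `malloc_elem_free()` call the commit message refers to, and set an error value in `ret` before jumping. It also needs a comment stating under which condition the result can be NULL. The commit message names no such condition and the reply states there is none. If that holds, these three lines can never execute, and annotating `malloc_elem_free()` as the reply suggests would make the guarantee explicit.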