tty: serial: sh-sci: set error code when kasprintf fails

When the call to kasprintf() returns a NULL pointer, function
sci_request_irq() frees the preallocated memory and returns 0 is
returned. Because 0 means no error, the caller of sci_request_irq()
will keep going, and the freed memory may be used or freed again. To
avoid the above issue, this patch assigns "-ENOMEM" to the return
variable ret.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188691

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 91e7dddbf72cd3de61844c85bf0d01efe8e6db56..b33199af8877399f54b184c5e2e4020fa3c95314 100644 (file)
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1743,8 +1743,10 @@ static int sci_request_irq(struct sci_port *port)
                desc = sci_irq_desc + i;
                port->irqstr[j] = kasprintf(GFP_KERNEL, "%s:%s",
                                            dev_name(up->dev), desc->desc);
-               if (!port->irqstr[j])
+               if (!port->irqstr[j]) {
+                       ret = -ENOMEM;
                        goto out_nomem;
+               }
 
                ret = request_irq(irq, desc->handler, up->irqflags,
                                  port->irqstr[j], port);