The AB8500 debugfs driver allocates memory to contain the name of a new sysfs
entry, but fails to apply the proper post-allocation checks. If the device
were to run out of memory, the allocation would return NULL. Without the
correct checks the driver will continue to populate address NULL with the
specified device name which would obviously cause a pointer dereference Oops.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
return -ENOMEM;
event_name[irq_index] = kmalloc(count, GFP_KERNEL);
+ if (!event_name[irq_index])
+ return -ENOMEM;
+
sprintf(event_name[irq_index], "%lu", user_val);
dev_attr[irq_index]->show = show_irq;
dev_attr[irq_index]->store = NULL;