From 30a915aea530f5fe781c738dddb63b4e0f21e2ab Mon Sep 17 00:00:00 2001 From: chao an Date: Mon, 11 Sep 2023 16:20:34 +0800 Subject: [PATCH] libsel4utils: fix null pointer reference add sanity check after alloc irq_server_t Signed-off-by: chao an --- libsel4utils/src/irq_server/irq_server.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libsel4utils/src/irq_server/irq_server.c b/libsel4utils/src/irq_server/irq_server.c index 68aa70c3..22a3cb28 100644 --- a/libsel4utils/src/irq_server/irq_server.c +++ b/libsel4utils/src/irq_server/irq_server.c @@ -338,9 +338,14 @@ irq_server_t *irq_server_new(vspace_t *vspace, vka_t *vka, seL4_Word priority, irq_server_t *new = NULL; error = ps_calloc(malloc_ops, 1, sizeof(irq_server_t), (void **) &new); + if (error) { + ZF_LOGE("Failed to allocate %zu bytes for irq_server", sizeof(irq_server_t)); + return NULL; + } if (config_set(CONFIG_KERNEL_MCS) && vka_alloc_reply(vka, &(new->reply)) != 0) { ZF_LOGE("Failed to allocate reply object"); + ps_free(malloc_ops, sizeof(irq_server_t), new); return NULL; } @@ -350,6 +355,8 @@ irq_server_t *irq_server_new(vspace_t *vspace, vka_t *vka, seL4_Word priority, error = sel4platsupport_new_irq_ops(&(new->irq_ops), vka, simple, irq_config, malloc_ops); if (error) { ZF_LOGE("Failed to initialise supporting backend for IRQ server"); + vka_free_object(vka, &(new->reply)); + ps_free(malloc_ops, sizeof(irq_server_t), new); return NULL; }