of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_du...

When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will
be NULL, and strcmp() will cause null pointer dereference.

Fixes: 2fe0e8769df9 ("of: overlay: check prevents multiple fragments touching same property")
Signed-off-by: ruanjinjie <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Rob Herring <[email protected]>

diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index bd8ff4df723da217fda5ef25b9ad5b870a67bdb1..ed4e6c144a681e633eb6719b2df379af9f7d8c77 100644 (file)
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -545,7 +545,7 @@ static int find_dup_cset_node_entry(struct overlay_changeset *ovcs,
 
                fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
                fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
-               node_path_match = !strcmp(fn_1, fn_2);
+               node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
                kfree(fn_1);
                kfree(fn_2);
                if (node_path_match) {
@@ -580,7 +580,7 @@ static int find_dup_cset_prop(struct overlay_changeset *ovcs,
 
                fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
                fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
-               node_path_match = !strcmp(fn_1, fn_2);
+               node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
                kfree(fn_1);
                kfree(fn_2);
                if (node_path_match &&