FMC: NULL dereference on allocation failure

If we don't allocate "arr" then the cleanup path will dereference it and
oops.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/fmc/fmc-sdb.c b/drivers/fmc/fmc-sdb.c
index 74fb326f4af17e4f633130581dd90cafdf1ba458..79adc39221ea745f1a403a9eb6b1434f9cb20618 100644 (file)
--- a/drivers/fmc/fmc-sdb.c
+++ b/drivers/fmc/fmc-sdb.c
@@ -46,16 +46,17 @@ static struct sdb_array *__fmc_scan_sdb_tree(struct fmc_device *fmc,
        onew = __sdb_rd(fmc, sdb_addr + 4, convert);
        n = __be16_to_cpu(*(uint16_t *)&onew);
        arr = kzalloc(sizeof(*arr), GFP_KERNEL);
-       if (arr) {
-               arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL);
-               arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL);
-       }
-       if (!arr || !arr->record || !arr->subtree) {
+       if (!arr)
+               return ERR_PTR(-ENOMEM);
+       arr->record = kzalloc(sizeof(arr->record[0]) * n, GFP_KERNEL);
+       arr->subtree = kzalloc(sizeof(arr->subtree[0]) * n, GFP_KERNEL);
+       if (!arr->record || !arr->subtree) {
                kfree(arr->record);
                kfree(arr->subtree);
                kfree(arr);
                return ERR_PTR(-ENOMEM);
        }
+
        arr->len = n;
        arr->level = level;
        arr->fmc = fmc;