From: Sinan Kaya <ok...@kernel.org>

In malloc_elem_alloc, the result of the call to elem_start_pt is dereferenced here and may be null.
Signed-off-by: Sinan Kaya <ok...@kernel.org> --- lib/eal/common/malloc_elem.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c index 8f49812846..26296f2dba 100644 --- a/lib/eal/common/malloc_elem.c +++ b/lib/eal/common/malloc_elem.c @@ -435,6 +435,9 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align, { struct malloc_elem *new_elem = elem_start_pt(elem, size, align, bound, contig); + if (new_elem == NULL) + return NULL; + const size_t old_elem_size = (uintptr_t)new_elem - (uintptr_t)elem; const size_t trailer_size = elem->size - old_elem_size - size - MALLOC_ELEM_OVERHEAD; -- 2.25.1
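Review bot: the new `if (new_elem == NULL) return NULL;` right after the elem_start_pt() call in malloc_elem_alloc() adds an early NULL return, but the commit message does not say which line dereferences `new_elem` or when elem_start_pt() returns NULL. In the context lines shown, `new_elem` is only cast to `uintptr_t` for `old_elem_size`, and `trailer_size` reads `elem->size`, so the dereference must be further down; please name it in the message, state whether this comes from static analysis or an observed crash, and confirm that callers of malloc_elem_alloc() handle a NULL result. The check also lands between declarations, so `old_elem_size` and `trailer_size` are now declared after a statement; check that against the project's coding style.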