of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_du...

[ Upstream commit 923017b10021ee4096b2c337ac5d3d1cc0978756 ]

When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will
be NULL, and strcmp() will cause null pointer dereference.

Fixes: b671c0aad04b ("of: overlay: check prevents multiple fragments touching same property")
Signed-off-by: ruanjinjie <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20221211023337.592266-1-ruanjinjie@huawei.com
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 8420ef42d89ea14cb5a17635376dddb447d6701c..dc298775f7620132e9985ac092e528d9bd3ef9f8 100644 (file)
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -547,7 +547,7 @@ static int find_dup_cset_node_entry(struct overlay_changeset *ovcs,
 
                fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
                fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
-               node_path_match = !strcmp(fn_1, fn_2);
+               node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
                kfree(fn_1);
                kfree(fn_2);
                if (node_path_match) {
@@ -582,7 +582,7 @@ static int find_dup_cset_prop(struct overlay_changeset *ovcs,
 
                fn_1 = kasprintf(GFP_KERNEL, "%pOF", ce_1->np);
                fn_2 = kasprintf(GFP_KERNEL, "%pOF", ce_2->np);
-               node_path_match = !strcmp(fn_1, fn_2);
+               node_path_match = !fn_1 || !fn_2 || !strcmp(fn_1, fn_2);
                kfree(fn_1);
                kfree(fn_2);
                if (node_path_match &&