před 16 roky · a89dfebdad
--- a/drivers/staging/rt2860/common/ba_action.c
+++ b/drivers/staging/rt2860/common/ba_action.c
@@ -867,6 +867,8 @@ VOID BAOriSessionTearDown(
 
				 			// force send specified TID DelBA
			
 
				 			MLME_DELBA_REQ_STRUCT   DelbaReq;
			
 
				 			MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
			
 
				+			if (Elem == NULL)
			
 
				+				return;
			
 
				 
			
 
				 			NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
			
 
				 			NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
			
@@ -900,6 +902,8 @@ VOID BAOriSessionTearDown(
 
				 	{
			
 
				 		MLME_DELBA_REQ_STRUCT   DelbaReq;
			
 
				 		MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
			
 
				+		if (Elem == NULL)
			
 
				+			return;
			
 
				 
			
 
				 		NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
			
 
				 		NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
			
--- a/drivers/staging/rt2860/common/cmm_data.c
+++ b/drivers/staging/rt2860/common/cmm_data.c
@@ -2011,6 +2011,8 @@ UINT deaggregate_AMSDU_announce(
 
				 		{
			
 
				 		    // avoid local heap overflow, use dyanamic allocation
			
 
				 		   MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
			
 
				+		   if (Elem == NULL)
			
 
				+			return;
			
 
				 		   memmove(Elem->Msg+(LENGTH_802_11 + LENGTH_802_1_H), pPayload, PayloadSize);
			
 
				 		   Elem->MsgLen = LENGTH_802_11 + LENGTH_802_1_H + PayloadSize;
			
 
				 		   WpaEAPOLKeyAction(pAd, Elem);
			
--- a/drivers/staging/rt2860/rt_main_dev.c
+++ b/drivers/staging/rt2860/rt_main_dev.c
@@ -777,6 +777,8 @@ INT __devinit   rt28xx_probe(
 
				 
			
 
				 	// Allocate RTMP_ADAPTER miniport adapter structure
			
 
				 	handle = kmalloc(sizeof(struct os_cookie), GFP_KERNEL);
			
 
				+	if (handle == NULL)
			
 
				+		goto err_out_free_netdev;;
			
 
				 	RT28XX_HANDLE_DEV_ASSIGN(handle, dev_p);
			
 
				 
			
 
				 	status = RTMPAllocAdapterBlock(handle, &pAd);