Since we cannot make sure the 'total_objects' and 'gamma_size' will always
be none zero here, and then if either equals to zero, the kzalloc() will
return ZERO_SIZE_PTR, which equals to ((void *)16).
This patch fix this with just doing the zero check before calling kzalloc().
Signed-off-by: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>
---
drivers/gpu/drm/drm_crtc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index 901b812..2379c7a 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -1507,9 +1507,14 @@ static int drm_mode_group_init(struct drm_device *dev, struct drm_mode_group *gr
total_objects += dev->mode_config.num_encoder;
total_objects += dev->mode_config.num_bridge;
- group->id_list = kzalloc(total_objects * sizeof(uint32_t), GFP_KERNEL);
- if (!group->id_list)
- return -ENOMEM;
+ if (total_objects) {
+ group->id_list = kzalloc(total_objects * sizeof(uint32_t),
+ GFP_KERNEL);
+ if (!group->id_list)
+ return -ENOMEM;
+ } else {
+ group->id_list = NULL;
+ }
group->num_crtcs = 0;
group->num_connectors = 0;
@@ -4337,6 +4342,9 @@ EXPORT_SYMBOL(drm_mode_connector_attach_encoder);
int drm_mode_crtc_set_gamma_size(struct drm_crtc *crtc,
int gamma_size)
{
+ if (!gamma_size)
+ return -EINVAL;
+
crtc->gamma_size = gamma_size;
crtc->gamma_store = kzalloc(gamma_size * sizeof(uint16_t) * 3, GFP_KERNEL);
--
1.8.5
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
