Since we cannot make sure that 'ref->size' will always be nonzero here, and if it equals zero, kzalloc() will return ZERO_SIZE_PTR, which equals ((void *)16). This patch fixes this by doing the zero check before calling kzalloc(). Signed-off-by: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx> --- drivers/gpu/drm/drm_global.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/drm_global.c b/drivers/gpu/drm/drm_global.c index 3d2e91c..a669d01 100644 --- a/drivers/gpu/drm/drm_global.c +++ b/drivers/gpu/drm/drm_global.c @@ -70,6 +70,11 @@ int drm_global_item_ref(struct drm_global_reference *ref) mutex_lock(&item->mutex); if (item->refcount == 0) { + if (!ref->size) { + ret = -EINVAL; + goto out_err; + } + item->object = kzalloc(ref->size, GFP_KERNEL); if (unlikely(item->object == NULL)) { ret = -ENOMEM; -- 1.8.5
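Review bot: the new `if (!ref->size)` check sits inside the `if (item->refcount == 0)` branch, so it only rejects a zero-size reference when it is the first one taken on that item; a later caller passing `ref->size == 0` for an already-allocated item still succeeds and is handed the object sized by the first caller. If the intent is to make a zero size always invalid, move the check to the top of drm_global_item_ref(), before `mutex_lock(&item->mutex)`, which also avoids taking and releasing the mutex for an argument that is rejected anyway. The hunk jumps to `out_err` while still holding `item->mutex`; the `-ENOMEM` path that follows presumably uses the same label, but please confirm in the full function that `out_err` unlocks the mutex so the new path does not leave it held. Since a zero `ref->size` is a caller bug rather than a runtime condition, consider a `WARN_ON` alongside the `-EINVAL` so the offending driver is visible in the log; the commit message would also read better if it spelled out why ZERO_SIZE_PTR matters here, namely that it is non-NULL, passes the existing `item->object == NULL` check, and is then handed back to the caller as `ref->object`.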