Arrays can not have zero elements by definition of the unified device
properties. If such property comes from outside we should not allow it to pass.
Otherwise memory allocation on 0 length will return non-NULL value, which we
currently don't check.
Prevent memory allocations of 0 length.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
---
drivers/base/property.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/base/property.c b/drivers/base/property.c
index b3429cc..c359351 100644
--- a/drivers/base/property.c
+++ b/drivers/base/property.c
@@ -653,6 +653,9 @@ int fwnode_property_match_string(struct fwnode_handle *fwnode,
if (nval < 0)
return nval;
+ if (nval == 0)
+ return -ENODATA;
+
values = kcalloc(nval, sizeof(*values), GFP_KERNEL);
if (!values)
return -ENOMEM;
@@ -718,6 +721,9 @@ static int pset_copy_entry(struct property_entry *dst,
return -ENOMEM;
if (src->is_array) {
+ if (!src->length)
+ return -ENODATA;
+
if (src->is_string) {
nval = src->length / sizeof(const char *);
dst->pointer.str = kcalloc(nval, sizeof(const char *),
--
2.6.4
--
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
