Re: [PATCH] I2C/ACPI: Fix possible ZERO_SIZE_PTR pointer dereferencing error.

On Tue, Aug 12, 2014 at 10:33:38AM +0800, Xiubo Li wrote:
> Since we cannot make sure the 'data_len' will always be non-zero here,
> and then if 'data_len' equals zero, the kzalloc() will return ZERO_SIZE_PTR,
> which equals ((void *)16).

I assume the read request with length == 0 comes from a broken BIOS?

> So this patch fixes this by just doing the 'data_len' zero check before calling
> kzalloc().
> 
> Signed-off-by: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>

Looks good to me, yet adding ACPI experts to CC for further comments.

> ---
>  drivers/i2c/i2c-acpi.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/i2c/i2c-acpi.c b/drivers/i2c/i2c-acpi.c
> index e8b6196..e144c00 100644
> --- a/drivers/i2c/i2c-acpi.c
> +++ b/drivers/i2c/i2c-acpi.c
> @@ -134,6 +134,9 @@ static int acpi_gsb_i2c_read_bytes(struct i2c_client *client,
>  	int ret;
>  	u8 *buffer;
>  
> +	if (!data_len)
> +		return -EINVAL;
> +
>  	buffer = kzalloc(data_len, GFP_KERNEL);
>  	if (!buffer)
>  		return AE_NO_MEMORY;
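
Review bot: the added zero-length check returns -EINVAL, a negative errno, while the kzalloc() failure path just below it returns AE_NO_MEMORY, an ACPI status code, from the same function declared `static int`. With two error conventions in one function, the caller (not shown in this hunk) has to recognise both as failure; consider returning -ENOMEM from the allocation-failure path, or otherwise making the two returns consistent. A short comment above `if (!data_len)` noting that kzalloc(0) yields ZERO_SIZE_PTR, which the `!buffer` test does not catch, would also document why the check is needed.
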
> -- 
> 1.8.5
> 
