Re: [PATCH] I2C/ACPI: Fix possible ZERO_SIZE_PTR pointer dereferencing error.

On Tue, Aug 19, 2014 at 10:03:55AM -0500, Wolfram Sang wrote:
> On Tue, Aug 12, 2014 at 10:33:38AM +0800, Xiubo Li wrote:
> > Since we cannot make sure the 'data_len' will always be non-zero here,
> > and then if 'data_len' equals zero, the kzalloc() will return ZERO_SIZE_PTR,
> > which equals ((void *)16).
> 
> I assume the read request with length == 0 comes from a broken BIOS?

I'm also interested. Does this trigger in a real system?

> 
> > So this patch fixes this by just doing the 'data_len' zero check before calling
> > kzalloc().
> > 
> > Signed-off-by: Xiubo Li <Li.Xiubo@xxxxxxxxxxxxx>
> 
> Looks good to me, yet adding ACPI experts to CC for further comments.
> 
> > ---
> >  drivers/i2c/i2c-acpi.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/i2c/i2c-acpi.c b/drivers/i2c/i2c-acpi.c
> > index e8b6196..e144c00 100644
> > --- a/drivers/i2c/i2c-acpi.c
> > +++ b/drivers/i2c/i2c-acpi.c
> > @@ -134,6 +134,9 @@ static int acpi_gsb_i2c_read_bytes(struct i2c_client *client,
> >  	int ret;
> >  	u8 *buffer;
> >  
> > +	if (!data_len)
> > +		return -EINVAL;
> > +
> >  	buffer = kzalloc(data_len, GFP_KERNEL);
> >  	if (!buffer)
> >  		return AE_NO_MEMORY;
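
Review bot: the added `if (!data_len)` branch returns -EINVAL, but the allocation-failure branch right below it in the same int-returning function returns AE_NO_MEMORY, so the two failure paths in this hunk now use different error conventions (a negative errno and an ACPI status code). A caller that only tests for a negative return would miss the AE_NO_MEMORY case, and one that compares against ACPI status values would not recognise -EINVAL. Please state which convention the callers of acpi_gsb_i2c_read_bytes() expect and make both returns follow it, for example by returning -ENOMEM when kzalloc() fails if the callers check errno values. It would also help to note in the commit message why a zero length is rejected as an error rather than treated as an empty read, given the question in the thread about whether this comes from a broken BIOS.
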
> > -- 
> > 1.8.5
> > 

