> On Tue, Aug 19, 2014 at 10:38:08AM -0500, Wolfram Sang wrote: > > On Tue, Aug 19, 2014 at 06:16:49PM +0300, Mika Westerberg wrote: > > > On Tue, Aug 19, 2014 at 10:03:55AM -0500, Wolfram Sang wrote: > > > > On Tue, Aug 12, 2014 at 10:33:38AM +0800, Xiubo Li wrote: > > > > > Since we cannot make sure the 'data_len' will always be none zero here, > > > > > and then if 'data_len' equals to zero, the kzalloc() will return > ZERO_SIZE_PTR, > > > > > which equals to ((void *)16). > > > > > > > > I assume the read request with length == 0 comes from a broken BIOS? > > > > > > I'm also interested. Does this trigger in a real system? > > > > Even if not now, we should consider potentially broken BIOSes, or? Which > > extends the question to: Do we need even more sanity checks when taking > > broken BIOSes into account? > > Typically ACPICA has done this work for us (e.g it fixes things upfront > so that we get sane data). I'm not sure if it does that for I2C > Operation Regions, though (that's why I'm asking if it happens in a real > system or is this more like a theoretical possibility). > Yes, it a theoretical potentially risk here for me, but not sure in the future. I have encountered many issues of this risk for different codes, which can be reproduced very easily mostly. Thanks, BRs Xiubo -- To unsubscribe from this list: send the line "unsubscribe linux-i2c" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
