On Thu, Aug 07, 2014 at 05:48:24PM -0400, Jeff Moyer wrote:
> BTW, just above this there is questionable code:
>
>         st = rsxx_get_num_targets(card, &card->n_targets);
>         if (st)
>                 dev_info(CARD_TO_DEV(card),
>                         "Failed reading the number of DMA targets\n");
>
>         card->ctrl = kzalloc(card->n_targets * sizeof(*card->ctrl), GFP_KERNEL);
>         if (!card->ctrl) {
>                 st = -ENOMEM;
>                 goto failed_dma_setup;
>         }
>
> From my reading of the kzalloc code, ZERO_SIZE_PTR (which is 16 cast to
> a void *) would be returned from that kzalloc call if the
> rsxx_get_num_targets call failed (since you'd be kzalloc-ing 0 bytes).
> That would lead to the !card->ctrl check not working, right?
>

ZERO_SIZE_PTR is a subtle thing.  The if (!card->ctrl) check correctly
tells you if you allocated enough space to hold zero elements.  Which is
yes, so we can continue without a problem.  Of course, you'd have to look
at the surrounding code to see if there is a problem...  I think I have
seen dereferencing ZERO_SIZE_PTR bugs in the past, but they are rare.

> I'd suggest not continuing after rsxx_get_num_targets fails.

Introducing new failures is a bad thing unless you know the code very
well or you can test it.  Your instinct should always be to not do that.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html