If the request length of UVC XU is 1 (even though this is illegal), due to 'data' may be the non-zero value, UVC_GET_LEN could potentially result in a length that is not 1 because of the high byte is not zero. In order to ensure that 2-byte data array is set to 0, 'kmalloc' is modified to 'kzalloc'. Signed-off-by: Jerry Liu <jerry.liu@xxxxxxxxxxxxxx> --- drivers/media/usb/uvc/uvc_ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 5e9d3da862dd..054bc14f7a58 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2088,7 +2088,7 @@ static int uvc_ctrl_fill_xu_info(struct uvc_device *dev, u8 *data; int ret; - data = kmalloc(2, GFP_KERNEL); + data = kzalloc(2, GFP_KERNEL); if (data == NULL) return -ENOMEM; -- 2.25.1