If kmemdup() was called with src == NULL, then memcpy() source address is fatal, and if kmemdup() was called with len == 0, kmalloc_track_caller() will return ZERO_SIZE_PTR to variable p, then memcpy() destination address is fatal. Both 2 cases will cause an invalid pointer dereference. Signed-off-by: Xujun Leng <lengxujun2007@xxxxxxx> --- mm/util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/util.c b/mm/util.c index dd12b9531ac4..d1a3b3d2988e 100644 --- a/mm/util.c +++ b/mm/util.c @@ -128,6 +128,9 @@ void *kmemdup(const void *src, size_t len, gfp_t gfp) { void *p; + if (!src || len == 0) + return NULL; + p = kmalloc_track_caller(len, gfp); if (p) memcpy(p, src, len); -- 2.25.1
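Review bot: the `len == 0` half of the new check in the kmemdup() hunk rests on a false premise and silently changes the function's contract. memcpy() with a length of zero copies nothing and dereferences neither pointer, so the existing `memcpy(p, src, len)` with p == ZERO_SIZE_PTR and len == 0 is not an invalid access; ZERO_SIZE_PTR is the kernel's deliberate sentinel for a successful zero-length allocation, and callers that pass len == 0 today get a non-NULL value they can later kfree(). After this change those callers receive NULL, which the surrounding code (`p = kmalloc_track_caller(len, gfp); if (p) ...`) otherwise uses only to signal allocation failure, so a zero-length request becomes indistinguishable from ENOMEM. The `!src` half has a similar problem: a NULL src with len > 0 is a caller bug, and returning NULL turns it into a spurious out-of-memory path that hides the real error instead of surfacing it. Suggest dropping the `len == 0` condition entirely, and if a src check is kept, making it loud (e.g. a `WARN_ON_ONCE(!src)` style check) rather than a quiet `return NULL;`. The commit message should also state that the change alters the return value for existing callers, since as written it describes the old behaviour as a crash that does not occur.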