On Sun, Jun 24, 2018 at 11:23:47AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> Number of specs is provided by user and in valid case can be equal to zero.
> Such argument causes to call to kcalloc() with zero-length request and in
> return the ZERO_SIZE_PTR is assigned. This pointer is different from NULL
> and makes various if (..) checks to success.

This one seems really weird.

There is nothing wrong with ZERO_SIZE_PTR, but this description and
fix suggest that something did

  ptr = kalloc(0);
  ptr[0] = ...;

Which is not allowed of course.

Doesn't this mean there is also a missing range check someplace?

Jason
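A userspace C model of the behaviour discussed in this thread, added here as an example and not taken from the patch or from either message: a zero-length allocation returns a non-NULL sentinel, so a NULL check alone passes and only a range check on the count protects index 0. The two macros mirror include/linux/slab.h; `model_kcalloc`, `model_kfree`, `struct spec` and `first_spec_type` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* These two macros match include/linux/slab.h; the rest is a userspace model. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR)

struct spec { int type; };              /* hypothetical element type */

/* Model of kcalloc(): a zero-length request "succeeds" with ZERO_SIZE_PTR. */
static void *model_kcalloc(size_t n, size_t size)
{
    if (size && n > SIZE_MAX / size)
        return NULL;                    /* n * size would overflow */
    if (n == 0 || size == 0)
        return ZERO_SIZE_PTR;           /* non-NULL, must never be dereferenced */
    return calloc(n, size);
}

/* Model of kfree(): both NULL and ZERO_SIZE_PTR are accepted and ignored. */
static void model_kfree(void *p)
{
    if (!ZERO_OR_NULL_PTR(p))
        free(p);
}

/*
 * Hypothetical consumer of a user-supplied count. Copies the types into a
 * fresh array and reports the first one. Returns 0 or a negative errno.
 */
static int first_spec_type(const int *user_types, size_t num_specs, int *out)
{
    struct spec *specs = model_kcalloc(num_specs, sizeof(*specs));
    int ret = -EINVAL;

    if (!specs)                         /* catches failure only, not n == 0 */
        return -ENOMEM;
    for (size_t i = 0; i < num_specs; i++)   /* loop bound keeps n == 0 safe */
        specs[i].type = user_types[i];
    if (num_specs > 0) {                /* range check before touching specs[0] */
        *out = specs[0].type;
        ret = 0;
    }
    model_kfree(specs);
    return ret;
}
```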