From: Sharvari Harisangam <sharvari@xxxxxxxxxxx> mwifiex_pcie_fw_dump would read firmware scratch registers, to get the size of the dump. It does a vmalloc of memory_size + 1, read above, to save the dump. It is possible that the value read by memory_size scratch register be invalid, i.e 0xffffffff. This would pass an invalid size(0) to vmalloc. To fix this check for invalid scratch register read. Signed-off-by: Sharvari Harisangam <sharvari@xxxxxxxxxxx> Signed-off-by: Ganapathi Bhat <gbhat@xxxxxxxxxxx> --- drivers/net/wireless/marvell/mwifiex/pcie.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c index fc1706d..483b521 100644 --- a/drivers/net/wireless/marvell/mwifiex/pcie.c +++ b/drivers/net/wireless/marvell/mwifiex/pcie.c @@ -2727,6 +2727,13 @@ static void mwifiex_pcie_fw_dump(struct mwifiex_adapter *adapter) break; } + if (memory_size == 0xffffffff) { + mwifiex_dbg(adapter, ERROR, + "Invalid dump size: 0x%x, for %s\n", + memory_size, entry->mem_name); + return; + } + mwifiex_dbg(adapter, DUMP, "%s_SIZE=0x%x\n", entry->mem_name, memory_size); entry->mem_ptr = vmalloc(memory_size + 1); -- 1.9.1
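Review bot: the new check in mwifiex_pcie_fw_dump() exits with `return;`, while the error path visible in the context just above it uses `break;`. If anything after the enclosing loop frees earlier dump entries or signals that the dump has finished, this path skips it, so either leave through the same exit as the existing error path or state in the commit message why a direct return is safe here. The comparison also catches only the exact value 0xffffffff, the single case where `memory_size + 1` wraps to 0. Any other implausibly large value read from the scratch register still reaches `vmalloc(memory_size + 1)`, so an upper bound on the expected dump size would make the validation more robust than one magic constant. A short comment saying that 0xffffffff is what a failed register read returns would help the next reader.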