From: Wolfram Sang <wsa-z923LK4zBo2bacvFa/9K2g@public.gmane.org>
To: Xiubo Li <Li.Xiubo-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
Cc: linux-i2c-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Mika Westerberg
<mika.westerberg-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
Lan Tianyu <tianyu.lan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH] I2C/ACPI: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
Date: Tue, 19 Aug 2014 10:03:55 -0500 [thread overview]
Message-ID: <20140819150355.GD15371@katana> (raw)
In-Reply-To: <1407810818-33672-1-git-send-email-Li.Xiubo-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1099 bytes --]
On Tue, Aug 12, 2014 at 10:33:38AM +0800, Xiubo Li wrote:
> Since we cannot make sure the 'data_len' will always be none zero here,
> and then if 'data_len' equals to zero, the kzalloc() will return ZERO_SIZE_PTR,
> which equals to ((void *)16).
I assume the read request with length == 0 comes from a broken BIOS?
> So this patch fix this with just doing the 'data_len' zero check before calling
> kzalloc().
>
> Signed-off-by: Xiubo Li <Li.Xiubo-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
Looks good to me, yet adding ACPI experts to CC for further comments.
> ---
> drivers/i2c/i2c-acpi.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/i2c/i2c-acpi.c b/drivers/i2c/i2c-acpi.c
> index e8b6196..e144c00 100644
> --- a/drivers/i2c/i2c-acpi.c
> +++ b/drivers/i2c/i2c-acpi.c
> @@ -134,6 +134,9 @@ static int acpi_gsb_i2c_read_bytes(struct i2c_client *client,
> int ret;
> u8 *buffer;
>
> + if (!data_len)
> + return -EINVAL;
> +
> buffer = kzalloc(data_len, GFP_KERNEL);
> if (!buffer)
> return AE_NO_MEMORY;
> --
> 1.8.5
>
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2014-08-19 15:03 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-12 2:33 [PATCH] I2C/ACPI: Fix possible ZERO_SIZE_PTR pointer dereferencing error Xiubo Li
[not found] ` <1407810818-33672-1-git-send-email-Li.Xiubo-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
2014-08-19 15:03 ` Wolfram Sang [this message]
2014-08-19 15:16 ` Mika Westerberg
[not found] ` <20140819151604.GU1660-3PARRvDOhMZrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2014-08-19 15:38 ` Wolfram Sang
2014-08-19 15:48 ` Mika Westerberg
[not found] ` <20140819154555.GW1660-3PARRvDOhMZrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2014-08-20 2:37 ` Li.Xiubo-KZfg59tc24xl57MIdRCFDg
[not found] ` <1ff2414e255d4d978705c16339b8a586-swgC6WJTr6EbUgZD/0KOGpwN6zqB+hSMnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2014-08-20 8:00 ` Mika Westerberg
2014-08-20 8:59 ` Lan Tianyu
[not found] ` <53F4638F.5070704-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2014-08-20 10:18 ` Mika Westerberg
[not found] ` <20140820101814.GC1660-3PARRvDOhMZrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2014-09-30 9:19 ` Wolfram Sang
2014-09-30 9:40 ` Mika Westerberg
[not found] ` <20140930094008.GP1786-3PARRvDOhMZrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2014-09-30 10:35 ` Wolfram Sang
2014-10-03 0:55 ` Wolfram Sang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140819150355.GD15371@katana \
--to=wsa-z923lk4zbo2bacvfa/9k2g@public.gmane.org \
--cc=Li.Xiubo-KZfg59tc24xl57MIdRCFDg@public.gmane.org \
--cc=linux-i2c-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mika.westerberg-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=tianyu.lan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.