Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c'
@ 2016-04-11 10:00 Christophe JAILLET
  2016-04-11 10:04 ` walter harms
  2016-04-11 10:26 ` Dan Carpenter
  0 siblings, 2 replies; 3+ messages in thread
From: Christophe JAILLET @ 2016-04-11 10:00 UTC (permalink / raw)
  To: geoff, netdev, linuxppc-dev, kernel-janitors

Hi,

while looking at potential clean-up, I ended on the following code which 
looks spurious to me.

We allocate 'be16_to_cpu(scan_info->size)' bytes, but then copy 
'scan_info->size'.
This is not consistent.


I don't know which one is the correct one.


CJ

--- drivers/net/ethernet/toshiba/ps3_gelic_wireless.c
+++ /tmp/cocci-output-24201-0dddbd-ps3_gelic_wireless.c
@@ -1616,13 +1616,10 @@ static void gelic_wl_scan_complete_event
          target->valid = 1;
          target->eurus_index = i;
          kfree(target->hwinfo);
-        target->hwinfo = kzalloc(be16_to_cpu(scan_info->size),
-                     GFP_KERNEL);
          if (!target->hwinfo)
              continue;

          /* copy hw scan info */
-        memcpy(target->hwinfo, scan_info, scan_info->size);
          target->essid_len = strnlen(scan_info->essid,
                          sizeof(scan_info->essid));
          target->rate_len = 0;

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c'
  2016-04-11 10:00 Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c' Christophe JAILLET
@ 2016-04-11 10:04 ` walter harms
  2016-04-11 10:26 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: walter harms @ 2016-04-11 10:04 UTC (permalink / raw)
  To: Christophe JAILLET; +Cc: geoff, netdev, linuxppc-dev, kernel-janitors

this is a case for kmemdup().

target->hwinfo=kmemdup(scan_info,be16_to_cpu(scan_info->size), GFP_KERNEL);


re,
 wh


Am 11.04.2016 12:00, schrieb Christophe JAILLET:
> Hi,
> 
> while looking at potential clean-up, I ended on the following code which
> looks spurious to me.
> 
> We allocate 'be16_to_cpu(scan_info->size)' bytes, but then copy
> 'scan_info->size'.
> This is not consistent.
> 
> 
> I don't know which one is the correct one.
> 
> 
> CJ
> 
> --- drivers/net/ethernet/toshiba/ps3_gelic_wireless.c
> +++ /tmp/cocci-output-24201-0dddbd-ps3_gelic_wireless.c
> @@ -1616,13 +1616,10 @@ static void gelic_wl_scan_complete_event
>          target->valid = 1;
>          target->eurus_index = i;
>          kfree(target->hwinfo);
> -        target->hwinfo = kzalloc(be16_to_cpu(scan_info->size),
> -                     GFP_KERNEL);
>          if (!target->hwinfo)
>              continue;
> 
>          /* copy hw scan info */
> -        memcpy(target->hwinfo, scan_info, scan_info->size);
>          target->essid_len = strnlen(scan_info->essid,
>                          sizeof(scan_info->essid));
>          target->rate_len = 0;
> 
> -- 
> To unsubscribe from this list: send the line "unsubscribe
> kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c'
  2016-04-11 10:00 Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c' Christophe JAILLET
  2016-04-11 10:04 ` walter harms
@ 2016-04-11 10:26 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2016-04-11 10:26 UTC (permalink / raw)
  To: Christophe JAILLET; +Cc: geoff, netdev, linuxppc-dev, kernel-janitors

On Mon, Apr 11, 2016 at 12:00:04PM +0200, Christophe JAILLET wrote:
> Hi,
> 
> while looking at potential clean-up, I ended on the following code
> which looks spurious to me.
> 
> We allocate 'be16_to_cpu(scan_info->size)' bytes, but then copy
> 'scan_info->size'.
> This is not consistent.
> 

Good catch.  be16_to_cpu(scan_info->size) is correct.  It's surprising
that this bug wasn't caught in testing...

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-04-11 10:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-11 10:00 Inconsistent use of size argument in kzalloc and memcpy in 'drivers/net/ethernet/toshiba/ps3_gelic_wireless.c' Christophe JAILLET
2016-04-11 10:04 ` walter harms
2016-04-11 10:26 ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).