From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753413AbbL2LIC (ORCPT ); Tue, 29 Dec 2015 06:08:02 -0500 Received: from mga02.intel.com ([134.134.136.20]:34159 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751538AbbL2LHz (ORCPT ); Tue, 29 Dec 2015 06:07:55 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,495,1444719600"; d="scan'208";a="625180300" From: Andy Shevchenko To: Stephen Rothwell , linux-next@vger.kernel.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, heikki.krogerus@linux.intel.com, "Rafael J . Wysocki" , linux-acpi@vger.kernel.org Cc: Andy Shevchenko Subject: [PATCH v3 3/3] device property: avoid allocations of 0 length Date: Tue, 29 Dec 2015 13:07:50 +0200 Message-Id: <1451387271-56535-4-git-send-email-andriy.shevchenko@linux.intel.com> X-Mailer: git-send-email 2.6.4 In-Reply-To: <1451387271-56535-1-git-send-email-andriy.shevchenko@linux.intel.com> References: <1451387271-56535-1-git-send-email-andriy.shevchenko@linux.intel.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Arrays can not have zero elements by definition of the unified device properties. If such property comes from outside we should not allow it to pass. Otherwise memory allocation on 0 length will return non-NULL value, which we currently don't check. Prevent memory allocations of 0 length. Signed-off-by: Andy Shevchenko --- drivers/base/property.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/base/property.c b/drivers/base/property.c index b3429cc..c359351 100644 --- a/drivers/base/property.c +++ b/drivers/base/property.c @@ -653,6 +653,9 @@ int fwnode_property_match_string(struct fwnode_handle *fwnode, if (nval < 0) return nval; + if (nval == 0) + return -ENODATA; + values = kcalloc(nval, sizeof(*values), GFP_KERNEL); if (!values) return -ENOMEM; @@ -718,6 +721,9 @@ static int pset_copy_entry(struct property_entry *dst, return -ENOMEM; if (src->is_array) { + if (!src->length) + return -ENODATA; + if (src->is_string) { nval = src->length / sizeof(const char *); dst->pointer.str = kcalloc(nval, sizeof(const char *), -- 2.6.4