isdn/gigaset: fix zero size border case in debug dump

If subtracting 12 from l leaves zero we'd do a zero size allocation, leading to an oops later when we try to set the NUL terminator. Reported-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Tilman Schmidt <tilman@imap.cc> Signed-off-by: N David S. Miller <davem@davemloft.net>

isdn/gigaset: fix zero size border case in debug dump
If subtracting 12 from l leaves zero we'd do a zero size allocation, leading to an oops later when we try to set the NUL terminator. Reported-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Tilman Schmidt <tilman@imap.cc> Signed-off-by: N David S. Miller <davem@davemloft.net>
d721a175 · Tilman Schmidt · David S. Miller · 2f62d5aa · d721a175
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

drivers/isdn/gigaset/capi.c drivers/isdn/gigaset/capi.c +2 -0

未找到文件。
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c
@@ -248,6 +248,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag,
 		CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l,
 		CAPIMSG_CONTROL(data));
 	l -= 12;
+	if (l <= 0)
+		return;
 	dbgline = kmalloc(3 * l, GFP_ATOMIC);
 	if (!dbgline)
 		return;