提交 a30450c7 编写于 作者: D David Woodhouse 提交者: Matthew Garrett

dell-laptop: Fix krealloc() misuse in parse_da_table()

If krealloc() returns NULL, it *doesn't* free the original. So any code
of the form 'foo = krealloc(foo, …);' is almost certainly a bug.
Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: NMatthew Garrett <matthew.garrett@nebula.com>
上级 77838199
...@@ -284,6 +284,7 @@ static void __init parse_da_table(const struct dmi_header *dm) ...@@ -284,6 +284,7 @@ static void __init parse_da_table(const struct dmi_header *dm)
{ {
/* Final token is a terminator, so we don't want to copy it */ /* Final token is a terminator, so we don't want to copy it */
int tokens = (dm->length-11)/sizeof(struct calling_interface_token)-1; int tokens = (dm->length-11)/sizeof(struct calling_interface_token)-1;
struct calling_interface_token *new_da_tokens;
struct calling_interface_structure *table = struct calling_interface_structure *table =
container_of(dm, struct calling_interface_structure, header); container_of(dm, struct calling_interface_structure, header);
...@@ -296,12 +297,13 @@ static void __init parse_da_table(const struct dmi_header *dm) ...@@ -296,12 +297,13 @@ static void __init parse_da_table(const struct dmi_header *dm)
da_command_address = table->cmdIOAddress; da_command_address = table->cmdIOAddress;
da_command_code = table->cmdIOCode; da_command_code = table->cmdIOCode;
da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) * new_da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) *
sizeof(struct calling_interface_token), sizeof(struct calling_interface_token),
GFP_KERNEL); GFP_KERNEL);
if (!da_tokens) if (!new_da_tokens)
return; return;
da_tokens = new_da_tokens;
memcpy(da_tokens+da_num_tokens, table->tokens, memcpy(da_tokens+da_num_tokens, table->tokens,
sizeof(struct calling_interface_token) * tokens); sizeof(struct calling_interface_token) * tokens);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册