-
由 Xi Wang 提交于
num_sifr could go negative since acpi_pcc_get_sqty() returns -EINVAL on error. Then it could bypass the sanity check (num_sifr > 255). The subsequent call to kzalloc() would allocate a small buffer, leading to a memory corruption. Signed-off-by: NXi Wang <xi.wang@gmail.com> Signed-off-by: NMatthew Garrett <mjg@redhat.com>
e424fb8c