| Message ID | 4DC85094.4050401@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi, On Mon, May 09 2011, Vladimir Motyka wrote: > When allocation of idata failed there was a null dereference. Also avoid > calling kfree where it is needn't. > > --- > diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c > index 407836d..126c7f4 100644 > --- a/drivers/mmc/card/block.c > +++ b/drivers/mmc/card/block.c > @@ -237,24 +237,24 @@ static struct mmc_blk_ioc_data > *mmc_blk_ioctl_copy_from_user( Thanks, I've pushed this version of the patch to mmc-next. (The patch you sent was corrupted by gmail; it added a line break on the last line quoted above where there shouldn't be one. Please fix that for next time.) - Chris.
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 407836d..126c7f4 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -237,24 +237,24 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( idata = kzalloc(sizeof(*idata), GFP_KERNEL); if (!idata) { err = -ENOMEM; - goto copy_err; + goto out; } if (copy_from_user(&idata->ic, user, sizeof(idata->ic))) { err = -EFAULT; - goto copy_err; + goto idata_err; } idata->buf_bytes = (u64) idata->ic.blksz * idata->ic.blocks; if (idata->buf_bytes > MMC_IOC_MAX_BYTES) { err = -EOVERFLOW; - goto copy_err; + goto idata_err; } idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL); if (!idata->buf) { err = -ENOMEM; - goto copy_err; + goto idata_err; }