ASoC: cache: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
diff mbox

Message ID 1400488329-31702-1-git-send-email-Li.Xiubo@freescale.com
State Accepted
Commit b59dce53ef6193139253db09bfb64e3834689f1b
Headers show

Commit Message

Xiubo Li May 19, 2014, 8:32 a.m. UTC
Since we cannot make sure the 'reg_size' will always be none zero here,
and then if 'reg_size' equals to zero, the kzalloc() will return ZERO_SIZE_PTR,
which equals to ((void *)16).

So this patch fix this with just doing the 'reg_size' zero check before calling
kzalloc().

Signed-off-by: Xiubo Li <Li.Xiubo@freescale.com>
---
 sound/soc/soc-cache.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Mark Brown June 1, 2014, 7:02 p.m. UTC | #1
On Mon, May 19, 2014 at 04:32:09PM +0800, Xiubo Li wrote:
> Since we cannot make sure the 'reg_size' will always be none zero here,
> and then if 'reg_size' equals to zero, the kzalloc() will return ZERO_SIZE_PTR,
> which equals to ((void *)16).

Applied, thanks.

Patch
diff mbox

diff --git a/sound/soc/soc-cache.c b/sound/soc/soc-cache.c
index 3fa77d5..8fff5b6 100644
--- a/sound/soc/soc-cache.c
+++ b/sound/soc/soc-cache.c
@@ -72,6 +72,9 @@  int snd_soc_cache_init(struct snd_soc_codec *codec)
 
 	reg_size = codec_drv->reg_cache_size * codec_drv->reg_word_size;
 
+	if (!reg_size)
+		return -EINVAL;
+
 	mutex_init(&codec->cache_rw_mutex);
 
 	dev_dbg(codec->dev, "ASoC: Initializing cache for %s codec\n",