| Message ID | 1407814233-43689-4-git-send-email-Li.Xiubo@freescale.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/drivers/gpu/drm/drm_global.c b/drivers/gpu/drm/drm_global.c index 3d2e91c..a669d01 100644 --- a/drivers/gpu/drm/drm_global.c +++ b/drivers/gpu/drm/drm_global.c @@ -70,6 +70,11 @@ int drm_global_item_ref(struct drm_global_reference *ref) mutex_lock(&item->mutex); if (item->refcount == 0) { + if (!ref->size) { + ret = -EINVAL; + goto out_err; + } + item->object = kzalloc(ref->size, GFP_KERNEL); if (unlikely(item->object == NULL)) { ret = -ENOMEM;
Since we cannot make sure the 'ref->size' will always be none zero here, and then if it equals to zero, the kzalloc() will return ZERO_SIZE_PTR, which equals to ((void *)16). This patch fix this with just doing the zero check before calling kzalloc(). Signed-off-by: Xiubo Li <Li.Xiubo@freescale.com> --- drivers/gpu/drm/drm_global.c | 5 +++++ 1 file changed, 5 insertions(+)