From patchwork Tue Aug 12 03:30:33 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiubo Li X-Patchwork-Id: 4715741 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id CED109F37E for ; Wed, 13 Aug 2014 01:01:04 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 21C8F2011B for ; Wed, 13 Aug 2014 01:01:04 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 4ABAF20160 for ; Wed, 13 Aug 2014 01:01:03 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 53DBD6E503; Tue, 12 Aug 2014 18:01:02 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0139.outbound.protection.outlook.com [207.46.163.139]) by gabe.freedesktop.org (Postfix) with ESMTP id 2F7256E095 for ; Mon, 11 Aug 2014 20:50:23 -0700 (PDT) Received: from BN3PR0301CA0078.namprd03.prod.outlook.com (25.160.152.174) by CY1PR0301MB0618.namprd03.prod.outlook.com (25.160.142.25) with Microsoft SMTP Server (TLS) id 15.0.995.14; Tue, 12 Aug 2014 03:34:50 +0000 Received: from BN1AFFO11FD025.protection.gbl (2a01:111:f400:7c10::188) by BN3PR0301CA0078.outlook.office365.com (2a01:111:e400:401e::46) with Microsoft SMTP Server (TLS) id 15.0.1005.10 via Frontend Transport; Tue, 12 Aug 2014 03:34:50 +0000 Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11FD025.mail.protection.outlook.com (10.58.52.85) with Microsoft SMTP Server (TLS) id 15.0.1010.11 via Frontend Transport; Tue, 12 Aug 2014 03:34:49 +0000 Received: from titan.ap.freescale.net ([10.192.208.233]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id s7C3Yadu027875; Mon, 11 Aug 2014 20:34:47 -0700 From: Xiubo Li To: , Subject: [PATCH 3/3] drm/global: Fix possible ZERO_SIZE_PTR pointer dereferencing error. Date: Tue, 12 Aug 2014 11:30:33 +0800 Message-ID: <1407814233-43689-4-git-send-email-Li.Xiubo@freescale.com> X-Mailer: git-send-email 1.8.5 In-Reply-To: <1407814233-43689-1-git-send-email-Li.Xiubo@freescale.com> References: <1407814233-43689-1-git-send-email-Li.Xiubo@freescale.com> X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:192.88.168.50; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(6009001)(189002)(199003)(107046002)(80022001)(64706001)(81342001)(62966002)(20776003)(229853001)(79102001)(74502001)(84676001)(36756003)(81542001)(85306004)(50466002)(76482001)(48376002)(104016003)(47776003)(95666004)(105606002)(44976005)(83322001)(106466001)(104166001)(102836001)(19580405001)(31966008)(93916002)(87286001)(4396001)(50226001)(87936001)(77982001)(88136002)(26826002)(86362001)(68736004)(92726001)(76176999)(97736001)(21056001)(83072002)(6806004)(85852003)(92566001)(77156001)(74662001)(19580395003)(50986999)(89996001)(99396002)(46102001); DIR:OUT; SFP:; SCL:1; SRVR:CY1PR0301MB0618; H:tx30smr01.am.freescale.net; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; MIME-Version: 1.0 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID: X-Forefront-PRVS: 0301360BF5 Received-SPF: Fail (protection.outlook.com: domain of freescale.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=Li.Xiubo@freescale.com; X-OriginatorOrg: freescale.com X-Mailman-Approved-At: Tue, 12 Aug 2014 18:00:55 -0700 Cc: Xiubo Li X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Since we cannot make sure the 'ref->size' will always be none zero here, and then if it equals to zero, the kzalloc() will return ZERO_SIZE_PTR, which equals to ((void *)16). This patch fix this with just doing the zero check before calling kzalloc(). Signed-off-by: Xiubo Li --- drivers/gpu/drm/drm_global.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/drm_global.c b/drivers/gpu/drm/drm_global.c index 3d2e91c..a669d01 100644 --- a/drivers/gpu/drm/drm_global.c +++ b/drivers/gpu/drm/drm_global.c @@ -70,6 +70,11 @@ int drm_global_item_ref(struct drm_global_reference *ref) mutex_lock(&item->mutex); if (item->refcount == 0) { + if (!ref->size) { + ret = -EINVAL; + goto out_err; + } + item->object = kzalloc(ref->size, GFP_KERNEL); if (unlikely(item->object == NULL)) { ret = -ENOMEM;