From: Dan Carpenter Date: Mon, 8 Jul 2013 23:01:58 +0000 (-0700) Subject: lib/scatterlist: error handling in __sg_alloc_table() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=27daabd9b6a157c34a6e7a7f509fa26866e6420f;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git lib/scatterlist: error handling in __sg_alloc_table() I was reviewing code which I suspected might allocate a zero size SG table. That will cause memory corruption. Also we can't return before doing the memset or we could end up using uninitialized memory in the cleanup path. Signed-off-by: Dan Carpenter Cc: Akinobu Mita Cc: Imre Deak Cc: Tejun Heo Cc: Daniel Vetter Cc: Maxim Levitsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/lib/scatterlist.c b/lib/scatterlist.c index 129a82f707df..a685c8a79578 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents, struct scatterlist *sg, *prv; unsigned int left; + memset(table, 0, sizeof(*table)); + + if (nents == 0) + return -EINVAL; #ifndef ARCH_HAS_SG_CHAIN if (WARN_ON_ONCE(nents > max_ents)) return -EINVAL; #endif - memset(table, 0, sizeof(*table)); - left = nents; prv = NULL; do {