From: Tim Sell Date: Thu, 9 Jul 2015 17:27:45 +0000 (-0400) Subject: staging: unisys: neglect to NULL rcvbuf pointer X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=46dfa3d83464c7ee694ff32761645c3e27fcfc48;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git staging: unisys: neglect to NULL rcvbuf pointer Neglect to NULL rcvbuf pointer array could result in faults later This problem would exhibit itself as a fault when when attempting to stop any visornic device (i.e., in visornic_disable_with_timeout() or visornic_serverdown_complete()) that had never been started (i.e., for which init_rcv_bufs() had never been called). Because the array of rcvbuf was never cleared to NULLs, we would mistakenly attempt to call kfree_skb() on garbage memory. Signed-off-by: Tim Sell Signed-off-by: Benjamin Romer Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/unisys/visornic/visornic_main.c b/drivers/staging/unisys/visornic/visornic_main.c index 72253a07c255..915c9132a5c4 100644 --- a/drivers/staging/unisys/visornic/visornic_main.c +++ b/drivers/staging/unisys/visornic/visornic_main.c @@ -1845,7 +1845,7 @@ static int visornic_probe(struct visor_device *dev) if (err) goto cleanup_netdev; - devdata->rcvbuf = kmalloc(sizeof(struct sk_buff *) * + devdata->rcvbuf = kzalloc(sizeof(struct sk_buff *) * devdata->num_rcv_bufs, GFP_KERNEL); if (!devdata->rcvbuf) { err = -ENOMEM;
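Review bot: The changed allocation in visornic_probe() still open-codes its size as `sizeof(struct sk_buff *) * devdata->num_rcv_bufs`, so the multiplication is not checked for overflow. Since the array now has to be zero-filled anyway, `kcalloc(devdata->num_rcv_bufs, sizeof(struct sk_buff *), GFP_KERNEL)` would give the same zeroed array and also reject an element count whose product overflows. The zeroing itself matches the commit message: with every slot NULL until init_rcv_bufs() fills it, the stop paths it names no longer hand uninitialized pointers to kfree_skb(), which accepts NULL. A one-line comment at the allocation noting that teardown depends on unfilled slots being NULL would help keep a later cleanup from switching back to kmalloc().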