From: Paulo Marques <pmarques@grupopie.com>
Date: Thu, 31 Mar 2005 03:39:49 +0000 (-0500)
Subject: [ACPI] fix kmalloc size bug in acpi/video.c
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d1dd0c23916bd781de27bc5ec1c295064e9ce9cc;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

[ACPI] fix kmalloc size bug in acpi/video.c

acpi_video_device_find_cap() used &p instead of *p
when calculating storage size, thus allocating
only 4 or 8 bytes instead of 12...

Also, kfree(NULL) is legal, so remove some unneeded checks.

From: Paulo Marques <pmarques@grupopie.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Len Brown <len.brown@intel.com>
---

diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index b3b352b8330a..2cf264fd52e0 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -564,12 +564,13 @@ acpi_video_device_find_cap (struct acpi_video_device *device)
 		int count = 0;
 		union acpi_object *o;
 		
-		br = kmalloc(sizeof &br, GFP_KERNEL);
+		br = kmalloc(sizeof(*br), GFP_KERNEL);
 		if (!br) {
 			printk(KERN_ERR "can't allocate memory\n");
 		} else {
-			memset(br, 0, sizeof &br);
-			br->levels = kmalloc(obj->package.count * sizeof &br->levels, GFP_KERNEL);
+			memset(br, 0, sizeof(*br));
+			br->levels = kmalloc(obj->package.count *
+					sizeof *(br->levels), GFP_KERNEL);
 			if (!br->levels)
 				goto out;
 
@@ -584,8 +585,7 @@ acpi_video_device_find_cap (struct acpi_video_device *device)
 			}
 out:
 			if (count < 2) {
-				if (br->levels)
-					kfree(br->levels);
+				kfree(br->levels);
 				kfree(br);
 			} else {
 				br->count = count;
@@ -595,8 +595,7 @@ out:
 		}
 	}
 
-	if (obj)
-		kfree(obj);
+	kfree(obj);
 
 	return_VOID;
 }