From: Tim Sell <timothy.s...@unisys.com>

Neglect to NULL rcvbuf pointer array could result in faults later

This problem would exhibit itself as a fault when attempting to stop
any visornic device (i.e., in visornic_disable_with_timeout() or
visornic_serverdown_complete()) that had never been started (i.e., for
which init_rcv_bufs() had never been called).  Because the array of rcvbuf
was never cleared to NULLs, we would mistakenly attempt to call kfree_skb()
on garbage memory.

Signed-off-by: Tim Sell <timothy.s...@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.ro...@unisys.com>
---
 drivers/staging/unisys/visornic/visornic_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/unisys/visornic/visornic_main.c 
b/drivers/staging/unisys/visornic/visornic_main.c
index 72253a0..915c913 100644
--- a/drivers/staging/unisys/visornic/visornic_main.c
+++ b/drivers/staging/unisys/visornic/visornic_main.c
@@ -1845,7 +1845,7 @@ static int visornic_probe(struct visor_device *dev)
        if (err)
                goto cleanup_netdev;
 
-       devdata->rcvbuf = kmalloc(sizeof(struct sk_buff *) *
+       devdata->rcvbuf = kzalloc(sizeof(struct sk_buff *) *
                                  devdata->num_rcv_bufs, GFP_KERNEL);
        if (!devdata->rcvbuf) {
                err = -ENOMEM;
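Review bot: the size passed to kzalloc() is still an open-coded multiplication, sizeof(struct sk_buff *) * devdata->num_rcv_bufs, and nothing in this hunk checks it for overflow. kcalloc(devdata->num_rcv_bufs, sizeof(struct sk_buff *), GFP_KERNEL) zeroes the array the same way and returns NULL if the product overflows, so the existing !devdata->rcvbuf check would cover that case too. A one-line comment at the allocation noting that the stop paths call kfree_skb() on every slot and therefore depend on unused entries being NULL would help keep a later cleanup from switching this back to kmalloc().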
-- 
2.1.4
