When providing an empty key to map_get_value() we'd access invalid memory because the function assumed there would at least be one character total in the string.
Passing an empty string would access and could possibly overwrite the byte right before the key string. Signed-off-by: Sasha Levin <[email protected]> --- drivers/power/test_power.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/power/test_power.c b/drivers/power/test_power.c index 0152f35..b47bd17 100644 --- a/drivers/power/test_power.c +++ b/drivers/power/test_power.c @@ -275,6 +275,8 @@ static int map_get_value(struct battery_property_map *map, const char *key, buf[MAX_KEYLENGTH-1] = '\0'; cr = strnlen(buf, MAX_KEYLENGTH) - 1; + if (cr < 0) + return def_val; if (buf[cr] == '\n') buf[cr] = '\0'; -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
