Since we cannot be sure that 'count' and 'dev->driver->dev_priv_size' will
always be non-zero here, if either of them is zero, kzalloc() will return
ZERO_SIZE_PTR, which equals ((void *)16).

So this patch fixes this by doing the zero check before calling kzalloc().

Signed-off-by: Xiubo Li <Li.Xiubo at freescale.com>
---
 drivers/gpu/drm/drm_bufs.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/drm_bufs.c b/drivers/gpu/drm/drm_bufs.c
index 68175b5..09c1e8c 100644
--- a/drivers/gpu/drm/drm_bufs.c
+++ b/drivers/gpu/drm/drm_bufs.c
@@ -617,6 +617,9 @@ int drm_addbufs_agp(struct drm_device * dev, struct 
drm_buf_desc * request)
        int i, valid;
        struct drm_buf **temp_buflist;

+       if (!dev->driver->dev_priv_size)
+               return -EINVAL;
+
        if (!dma)
                return -EINVAL;

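Review bot: Rejecting a zero `dev->driver->dev_priv_size` with -EINVAL at the top of drm_addbufs_agp (and again in the drm_addbufs_pci hunk at -781) turns "driver has no per-buffer private data" into a hard failure, which may be a behaviour change for such drivers rather than a fix. The allocation that consumes this size is outside the hunk; if it only NULL-checks the kzalloc() result and later frees it, ZERO_SIZE_PTR is harmless there, and skipping just that allocation when the size is zero would be the narrower fix. The check is also not added to drm_addbufs_sg, which receives only the count change, so the three paths end up inconsistent if sg allocates from the same size. If the early return is kept, a comment such as `/* kzalloc(0) returns ZERO_SIZE_PTR, not NULL */` would record why it is there.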
@@ -672,7 +675,7 @@ int drm_addbufs_agp(struct drm_device * dev, struct 
drm_buf_desc * request)
                return -ENOMEM; /* May only call once for each order */
        }

-       if (count < 0 || count > 4096) {
+       if (count <= 0 || count > 4096) {
                mutex_unlock(&dev->struct_mutex);
                atomic_dec(&dev->buf_alloc);
                return -EINVAL;
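Review bot: The tightened bound `count <= 0` reads like a plain range check, so the reason zero is rejected is lost; a comment above the test would keep it, e.g. `/* count == 0 would make kzalloc() return ZERO_SIZE_PTR, not NULL */`. The same one-line change is made in drm_addbufs_pci and drm_addbufs_sg (the hunks at -821 and -1031), and the same comment applies there. Where count is computed is outside the hunk; if it derives from the caller-supplied request, this test is the only visible bound on the allocation size and deserves the explanation. The 4096 limit is repeated in all three functions and could be a single named constant.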
@@ -781,6 +784,9 @@ int drm_addbufs_pci(struct drm_device * dev, struct 
drm_buf_desc * request)
        unsigned long *temp_pagelist;
        struct drm_buf **temp_buflist;

+       if (!dev->driver->dev_priv_size)
+                       return -EINVAL;
+
        if (!drm_core_check_feature(dev, DRIVER_PCI_DMA))
                return -EINVAL;

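Review bot: The added `return -EINVAL;` under `if (!dev->driver->dev_priv_size)` is indented one level deeper than the identical statement added to drm_addbufs_agp; it should sit exactly one tab under the `if`, as the existing `return -EINVAL;` after the drm_core_check_feature() test does. The rest of drm_addbufs_pci lies outside the hunk, so only the added lines are in question here.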
@@ -821,7 +827,7 @@ int drm_addbufs_pci(struct drm_device * dev, struct 
drm_buf_desc * request)
                return -ENOMEM; /* May only call once for each order */
        }

-       if (count < 0 || count > 4096) {
+       if (count <= 0 || count > 4096) {
                mutex_unlock(&dev->struct_mutex);
                atomic_dec(&dev->buf_alloc);
                return -EINVAL;
@@ -1031,7 +1037,7 @@ static int drm_addbufs_sg(struct drm_device * dev, struct 
drm_buf_desc * request
                return -ENOMEM; /* May only call once for each order */
        }

-       if (count < 0 || count > 4096) {
+       if (count <= 0 || count > 4096) {
                mutex_unlock(&dev->struct_mutex);
                atomic_dec(&dev->buf_alloc);
                return -EINVAL;
-- 
1.8.5
