diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2013-03-14 14:21:00 +0100 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2013-03-18 12:40:12 +0100 |
commit | fe9ab00f8354a4c388e30301859c5741590c3809 (patch) | |
tree | 025f63833a6610ea7e2baaf9031bb53ae8e4ff3e | |
parent | Linux 3.9-rc3 (diff) | |
download | linux-fe9ab00f8354a4c388e30301859c5741590c3809.tar.xz linux-fe9ab00f8354a4c388e30301859c5741590c3809.zip |
dell-laptop: Fix krealloc() misuse in parse_da_table()
If krealloc() returns NULL, it *doesn't* free the original. So any code
of the form 'foo = krealloc(foo, …);' is almost certainly a bug.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
-rw-r--r-- | drivers/platform/x86/dell-laptop.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c index fa3ee6209572..1134119521ac 100644 --- a/drivers/platform/x86/dell-laptop.c +++ b/drivers/platform/x86/dell-laptop.c @@ -284,6 +284,7 @@ static void __init parse_da_table(const struct dmi_header *dm) { /* Final token is a terminator, so we don't want to copy it */ int tokens = (dm->length-11)/sizeof(struct calling_interface_token)-1; + struct calling_interface_token *new_da_tokens; struct calling_interface_structure *table = container_of(dm, struct calling_interface_structure, header); @@ -296,12 +297,13 @@ static void __init parse_da_table(const struct dmi_header *dm) da_command_address = table->cmdIOAddress; da_command_code = table->cmdIOCode; - da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) * - sizeof(struct calling_interface_token), - GFP_KERNEL); + new_da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) * + sizeof(struct calling_interface_token), + GFP_KERNEL); - if (!da_tokens) + if (!new_da_tokens) return; + da_tokens = new_da_tokens; memcpy(da_tokens+da_num_tokens, table->tokens, sizeof(struct calling_interface_token) * tokens); |