summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2013-03-14 14:21:00 +0100
committerDavid Woodhouse <David.Woodhouse@intel.com>2013-03-18 12:40:12 +0100
commitfe9ab00f8354a4c388e30301859c5741590c3809 (patch)
tree025f63833a6610ea7e2baaf9031bb53ae8e4ff3e
parentLinux 3.9-rc3 (diff)
downloadlinux-fe9ab00f8354a4c388e30301859c5741590c3809.tar.xz
linux-fe9ab00f8354a4c388e30301859c5741590c3809.zip
dell-laptop: Fix krealloc() misuse in parse_da_table()
If krealloc() returns NULL, it *doesn't* free the original. So any code of the form 'foo = krealloc(foo, …);' is almost certainly a bug. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
-rw-r--r--drivers/platform/x86/dell-laptop.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c
index fa3ee6209572..1134119521ac 100644
--- a/drivers/platform/x86/dell-laptop.c
+++ b/drivers/platform/x86/dell-laptop.c
@@ -284,6 +284,7 @@ static void __init parse_da_table(const struct dmi_header *dm)
{
/* Final token is a terminator, so we don't want to copy it */
int tokens = (dm->length-11)/sizeof(struct calling_interface_token)-1;
+ struct calling_interface_token *new_da_tokens;
struct calling_interface_structure *table =
container_of(dm, struct calling_interface_structure, header);
@@ -296,12 +297,13 @@ static void __init parse_da_table(const struct dmi_header *dm)
da_command_address = table->cmdIOAddress;
da_command_code = table->cmdIOCode;
- da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) *
- sizeof(struct calling_interface_token),
- GFP_KERNEL);
+ new_da_tokens = krealloc(da_tokens, (da_num_tokens + tokens) *
+ sizeof(struct calling_interface_token),
+ GFP_KERNEL);
- if (!da_tokens)
+ if (!new_da_tokens)
return;
+ da_tokens = new_da_tokens;
memcpy(da_tokens+da_num_tokens, table->tokens,
sizeof(struct calling_interface_token) * tokens);