Commit 46e407dd authored by Wei Yongjun's avatar Wei Yongjun Committed by Greg Kroah-Hartman

mei: fix krealloc() misuse in in mei_cl_irq_read_msg()

If krealloc() returns NULL, it doesn't free the original. So any code
of the form 'foo = krealloc(foo, ...);' is almost certainly a bug.

Introduced by commit fcb136e1(mei: fix
reading large reposnes)
Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 70135393
......@@ -148,16 +148,16 @@ static int mei_cl_irq_read_msg(struct mei_device *dev,
dev_dbg(&dev->pdev->dev, "message overflow. size %d len %d idx %ld\n",
cb->response_buffer.size,
mei_hdr->length, cb->buf_idx);
cb->response_buffer.data =
krealloc(cb->response_buffer.data,
buffer = krealloc(cb->response_buffer.data,
mei_hdr->length + cb->buf_idx,
GFP_KERNEL);
if (!cb->response_buffer.data) {
if (!buffer) {
dev_err(&dev->pdev->dev, "allocation failed.\n");
list_del(&cb->list);
return -ENOMEM;
}
cb->response_buffer.data = buffer;
cb->response_buffer.size =
mei_hdr->length + cb->buf_idx;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment