[PATCH] drivers/staging/tidspbridge/pmgr: additional checking after return from strlen_user

Chen Gang gang.chen at asianux.com
Mon Jan 21 09:33:26 UTC 2013


  strlen_user will return the length including the final NUL,
    and will return 0 if it failed (for example: if the user string is not NUL terminated)

  so we need to check whether it is an invalid parameter.

additional info:
  can reference the comments of strlen_user in lib/strnlen_user.c

Signed-off-by: Chen Gang <gang.chen at asianux.com>
---
 drivers/staging/tidspbridge/pmgr/dspapi.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/tidspbridge/pmgr/dspapi.c b/drivers/staging/tidspbridge/pmgr/dspapi.c
index 9ef1ad9..5a18a94 100644
--- a/drivers/staging/tidspbridge/pmgr/dspapi.c
+++ b/drivers/staging/tidspbridge/pmgr/dspapi.c
@@ -414,10 +414,13 @@ u32 mgrwrap_register_object(union trapped_args *args, void *pr_ctxt)
 	CP_FM_USR(&uuid_obj, args->args_mgr_registerobject.uuid_obj, status, 1);
 	if (status)
 		goto func_end;
-	/* path_size is increased by 1 to accommodate NULL */
 	path_size = strlen_user((char *)
-				args->args_mgr_registerobject.sz_path_name) +
-	    1;
+				args->args_mgr_registerobject.sz_path_name);
+	if (!path_size) {
+		status = -EINVAL;
+		goto func_end;
+	}
+
 	psz_path_name = kmalloc(path_size, GFP_KERNEL);
 	if (!psz_path_name) {
 		status = -ENOMEM;
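
Review bot: path_size still has no upper bound where it reaches `kmalloc(path_size, GFP_KERNEL)`; the only check between strlen_user() on the user pointer and the allocation is `if (!path_size)`, so the caller chooses the allocation size. Consider strnlen_user() with a maximum path length and returning -EINVAL when the result exceeds it. The removed comment was the only explanation of the size arithmetic, so a one-line comment that strlen_user() already counts the terminating NUL would keep that documented. Any later copy into psz_path_name should be bounded by path_size and should verify termination, because the user string can change after it was measured.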
-- 
1.7.10.4


