From: Jiri Slaby Date: Sat, 8 Aug 2009 09:33:58 +0000 (+0200) Subject: Staging: dream, fix buf overflow X-Git-Tag: firefly_0821_release~12948^2~280 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4d62691b609cc4e66e15c8e5b2261ddb6785b7ca;p=firefly-linux-kernel-4.4.55.git Staging: dream, fix buf overflow In vfe_send_msg_no_payload there is a wrong struct vfe_message allocation. It allocates only sizeof(pointer to vfe_message) for a whole structure. Add a dereference to the sizeof to allocate sizeof(vfe_message). Signed-off-by: Jiri Slaby Acked-by: Pavel Machek Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/dream/camera/msm_vfe8x_proc.c b/drivers/staging/dream/camera/msm_vfe8x_proc.c index bb6501340211..5436f7120018 100644 --- a/drivers/staging/dream/camera/msm_vfe8x_proc.c +++ b/drivers/staging/dream/camera/msm_vfe8x_proc.c @@ -818,7 +818,7 @@ static void vfe_send_msg_no_payload(enum VFE_MESSAGE_ID id) { struct vfe_message *msg; - msg = kzalloc(sizeof(msg), GFP_ATOMIC); + msg = kzalloc(sizeof(*msg), GFP_ATOMIC); if (!msg) return;