From: Xiubo Li Date: Mon, 19 May 2014 07:13:45 +0000 (+0800) Subject: regmap: irq: Fix possible ZERO_SIZE_PTR pointer dereferencing error. X-Git-Tag: firefly_0821_release~176^2~3465^2~33^2~1^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e12892070184ee782c207f09722a93d0236be955;p=firefly-linux-kernel-4.4.55.git regmap: irq: Fix possible ZERO_SIZE_PTR pointer dereferencing error. Since we cannot make sure the 'chip->num_regs' will always be none zero from the users, and then if 'chip->num_regs' equals to zero by mistake or other reasons, the kzalloc() will return ZERO_SIZE_PTR, which equals to ((void *)16). So this patch fix this with just checking the 'chip->num_regs' before calling kzalloc(). This also sorts the header files in alphabetical order at the same time. Signed-off-by: Xiubo Li Signed-off-by: Mark Brown --- diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c index edf88f20cbce..6299a50a5960 100644 --- a/drivers/base/regmap/regmap-irq.c +++ b/drivers/base/regmap/regmap-irq.c @@ -10,13 +10,13 @@ * published by the Free Software Foundation. */ -#include #include -#include -#include +#include #include +#include #include #include +#include #include #include "internal.h" @@ -347,6 +347,9 @@ int regmap_add_irq_chip(struct regmap *map, int irq, int irq_flags, int ret = -ENOMEM; u32 reg; + if (chip->num_regs <= 0) + return -EINVAL; + for (i = 0; i < chip->num_irqs; i++) { if (chip->irqs[i].reg_offset % map->reg_stride) return -EINVAL;