We are allocating the size of a pointer and not the size of the data.
This will lead to memory corruption.
There isn't actually a "cb_device" struct, btw. The code is only able
to compile because GCC knows that all pointers are the same size.
Fixes: 96ca848ef7ea ('DRIVERS: IRQCHIP: CROSSBAR: Add support for Crossbar IP')
Signed-off-by: Dan Carpenter <[email protected]>
diff --git a/drivers/irqchip/irq-crossbar.c b/drivers/irqchip/irq-crossbar.c
index fc817d2..3d15d16 100644
--- a/drivers/irqchip/irq-crossbar.c
+++ b/drivers/irqchip/irq-crossbar.c
@@ -107,7 +107,7 @@ static int __init crossbar_of_init(struct device_node *node)
int i, size, max, reserved = 0, entry;
const __be32 *irqsr;
- cb = kzalloc(sizeof(struct cb_device *), GFP_KERNEL);
+ cb = kzalloc(sizeof(*cb), GFP_KERNEL);
if (!cb)
return -ENOMEM;
On Thursday 03 April 2014 12:51 PM, Dan Carpenter wrote:
> We are allocating the size of a pointer and not the size of the data.
> This will lead to memory corruption.
>
> There isn't actually a "cb_device" struct, btw. The code is only able
> to compile because GCC knows that all pointers are the same size.
>
> Fixes: 96ca848ef7ea ('DRIVERS: IRQCHIP: CROSSBAR: Add support for Crossbar IP')
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/irqchip/irq-crossbar.c b/drivers/irqchip/irq-crossbar.c
> index fc817d2..3d15d16 100644
> --- a/drivers/irqchip/irq-crossbar.c
> +++ b/drivers/irqchip/irq-crossbar.c
> @@ -107,7 +107,7 @@ static int __init crossbar_of_init(struct device_node *node)
> int i, size, max, reserved = 0, entry;
> const __be32 *irqsr;
>
> - cb = kzalloc(sizeof(struct cb_device *), GFP_KERNEL);
> + cb = kzalloc(sizeof(*cb), GFP_KERNEL);
>
> if (!cb)
> return -ENOMEM;
Yes. correct. Thanks for the catch.
Acked-by: Sricharan R <[email protected]>
Regards,
Sricharan
Commit-ID: 3894e9e82dfdc87fa35dc7976e0472d220228826
Gitweb: http://git.kernel.org/tip/3894e9e82dfdc87fa35dc7976e0472d220228826
Author: Dan Carpenter <[email protected]>
AuthorDate: Thu, 3 Apr 2014 10:21:34 +0300
Committer: Thomas Gleixner <[email protected]>
CommitDate: Mon, 28 Apr 2014 21:43:24 +0200
irqchip: irq-crossbar: Not allocating enough memory
We are allocating the size of a pointer and not the size of the data.
This will lead to memory corruption.
There isn't actually a "cb_device" struct, btw. The code is only able
to compile because GCC knows that all pointers are the same size.
Fixes: 96ca848ef7ea ('DRIVERS: IRQCHIP: CROSSBAR: Add support for Crossbar IP')
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Sricharan R <[email protected]>
Cc: Grant Likely <[email protected]>
Cc: Rob Herring <[email protected]>
Link: http://lkml.kernel.org/r/20140403072134.GA14286@mwanda
Signed-off-by: Thomas Gleixner <[email protected]>
---
drivers/irqchip/irq-crossbar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-crossbar.c b/drivers/irqchip/irq-crossbar.c
index fc817d2..3d15d16 100644
--- a/drivers/irqchip/irq-crossbar.c
+++ b/drivers/irqchip/irq-crossbar.c
@@ -107,7 +107,7 @@ static int __init crossbar_of_init(struct device_node *node)
int i, size, max, reserved = 0, entry;
const __be32 *irqsr;
- cb = kzalloc(sizeof(struct cb_device *), GFP_KERNEL);
+ cb = kzalloc(sizeof(*cb), GFP_KERNEL);
if (!cb)
return -ENOMEM;