I was reviewing code which I suspected might allocate a zero size SG
table.  That will cause memory corruption.  Also we can't return before
doing the memset or we could end up using uninitialized memory in the
cleanup path.

Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index a1cf8ca..d39178b 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int 
nents,
        struct scatterlist *sg, *prv;
        unsigned int left;
 
+       memset(table, 0, sizeof(*table));
+
+       if (nents == 0)
+               return -EINVAL;
 #ifndef ARCH_HAS_SG_CHAIN
        if (WARN_ON_ONCE(nents > max_ents))
                return -EINVAL;
 #endif
 
-       memset(table, 0, sizeof(*table));
-
        left = nents;
        prv = NULL;
        do {
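Review bot: the new `if (nents == 0)` check returns -EINVAL silently, while the `nents > max_ents` check directly below it uses WARN_ON_ONCE. Since the commit message treats a zero-size table as a caller bug, consider making the two checks consistent, or state in the function's comment that nents must be non-zero. A short comment above the moved memset, saying it has to run before any early return because the cleanup path reads the table, would keep it from being moved back down later. Minor style point: a blank line between `return -EINVAL;` and `#ifndef ARCH_HAS_SG_CHAIN` would match the spacing of the surrounding code.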