On Sun, Jun 24, 2018 at 11:23:47AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leo...@mellanox.com>
>
> The number of specs is provided by the user and in a valid case can be equal to zero.
> Such an argument causes a call to kcalloc() with a zero-length request, and in
> return ZERO_SIZE_PTR is assigned. This pointer is different from NULL
> and makes various if (..) checks succeed.

This one seems really weird. There is nothing wrong with ZERO_SIZE_PTR, but this description and fix suggest that something did

  ptr = kalloc(0);
  ptr[0] = ...;

Which is not allowed of course. Doesn't this mean there is also a missing range check someplace?

Jason
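The behaviour under discussion, as an added userspace illustration (not code from the thread or from the kernel): a mock kcalloc() that returns ZERO_SIZE_PTR for a zero-length request, showing why a bare NULL check passes for a user-supplied count of zero and how a range check on the count (MAX_SPECS is an assumed bound) closes the gap.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model of the kernel's slab.h definitions (same values as in
 * include/linux/slab.h); constructed for this example, not kernel code. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR)

/* Mock of kcalloc(): a zero-length request yields ZERO_SIZE_PTR, not NULL. */
static void *mock_kcalloc(size_t n, size_t size)
{
	if (n == 0 || size == 0)
		return ZERO_SIZE_PTR;
	return calloc(n, size);
}

/* Mock of kfree(): ZERO_SIZE_PTR and NULL are both no-ops, as in the kernel. */
static void mock_kfree(void *p)
{
	if (!ZERO_OR_NULL_PTR(p))
		free(p);
}

struct spec { int field; };

/* Pattern described in the report: only a NULL check guards the array, so a
 * count of zero passes it and leaves a pointer that must never be dereferenced.
 * Returns true when the NULL check (wrongly) passes. */
static bool null_check_passes_for(unsigned int num_specs)
{
	struct spec *specs = mock_kcalloc(num_specs, sizeof(*specs));
	bool passed = (specs != NULL);	/* true even for ZERO_SIZE_PTR */
	mock_kfree(specs);
	return passed;
}

/* Hardened variant: validate the user-provided count before allocating,
 * as the reply suggests, and use ZERO_OR_NULL_PTR() on the result. */
#define MAX_SPECS 64	/* assumed upper bound for this example */
static int alloc_specs_checked(unsigned int num_specs, struct spec **out)
{
	if (num_specs == 0 || num_specs > MAX_SPECS)
		return -EINVAL;
	*out = mock_kcalloc(num_specs, sizeof(**out));
	if (ZERO_OR_NULL_PTR(*out))
		return -ENOMEM;
	return 0;
}
```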