[PATCH 6/6] isdn/gigaset: fix zero size border case in debug dump

[PATCH 0/6] ISDN patches for net-next · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 6/6] isdn/gigaset: fix zero size border case in debug dump · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 2/6] isdn/gigaset: leave DLE mode before hanging up · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 4/6] isdn/gigaset: beautify common.c · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 5/6] isdn/gigaset: beautify ev-layer.c · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 1/6] isdn/divert: fix readability damage · Tilman Schmidt <hidden> · 2013-01-21
[PATCH 3/6] isdn/gigaset: beautify interface.c · Tilman Schmidt <hidden> · 2013-01-21
Re: [PATCH 0/6] ISDN patches for net-next · David Miller <davem@davemloft.net> · 2013-01-21
Re: [PATCH 0/6] ISDN patches for net-next · Tilman Schmidt <hidden> · 2013-01-22

STALE4885d

Revisions (2)

2012-04-25 v1 [diff vs current]
2013-01-21 v1 current

From: Tilman Schmidt <hidden>
Date: 2013-01-21 22:26:37
Also in: lkml
Subsystem: the rest · Maintainer: Linus Torvalds

If subtracting 12 from l leaves zero we'd do a zero size allocation,
leading to an oops later when we try to set the NUL terminator.

Reported-by: Dan Carpenter <redacted>
Signed-off-by: Tilman Schmidt <redacted>
CC: stable <stable@kernel.org>
---
 drivers/isdn/gigaset/capi.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
index 68452b7..03a0a01 100644
--- a/drivers/isdn/gigaset/capi.c
+++ b/drivers/isdn/gigaset/capi.c

@@ -248,6 +248,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag,
 		CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l,
 		CAPIMSG_CONTROL(data));
 	l -= 12;
+	if (l <= 0)
+		return;
 	dbgline = kmalloc(3 * l, GFP_ATOMIC);
 	if (!dbgline)
 		return;

-- 
1.7.3.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help