lib/scatterlist: error handling in __sg_alloc_table()

I was reviewing code which I suspected might allocate a zero size SG table. That will cause memory corruption. Also we can't return before doing the memset or we could end up using uninitialized memory in the cleanup path. Change-Id: Icee6be8ea22644d7f16264d9d2a0887c7145996b CRs-Fixed: 611562 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Akinobu Mita <akinobu.mita@gmail.com> Cc: Imre Deak <imre.deak@intel.com> Cc: Tejun Heo <tj@kernel.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2013-07-08 16:01:58 -0700
committer: Moyster <oysterized@gmail.com> 2018-11-29 15:18:03 +0100
commit: abf4059571e05d12199ae473bdfd95e6803a7bbf (patch)
tree: 202b60c9703c44018d92075d9b2f301eab2829df /lib
parent: f86db0c1a3a79216ebba4a84ae09f579da96f427 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 3e7df3806..66e665f70 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
 	struct scatterlist *sg, *prv;
 	unsigned int left;
 
+       memset(table, 0, sizeof(*table));
+
+       if (nents == 0)
+               return -EINVAL;
 #ifndef ARCH_HAS_SG_CHAIN
 	if (WARN_ON_ONCE(nents > max_ents))
 		return -EINVAL;
 #endif
 
-	memset(table, 0, sizeof(*table));
-
 	left = nents;
 	prv = NULL;
 	do {
author	Dan Carpenter <dan.carpenter@oracle.com>	2013-07-08 16:01:58 -0700
committer	Moyster <oysterized@gmail.com>	2018-11-29 15:18:03 +0100
commit	abf4059571e05d12199ae473bdfd95e6803a7bbf (patch)
tree	202b60c9703c44018d92075d9b2f301eab2829df /lib
parent	f86db0c1a3a79216ebba4a84ae09f579da96f427 (diff)