Re: sizeof(ptr) or sizeof(*ptr)?

From: Paulo Marques
Date: Tue Mar 08 2005 - 08:23:49 EST

Next message: Joshua Jackson: "Re: [0/many] Acrypto - asynchronous crypto layer for linux kernel 2.6"
Previous message: Alan Cox: "PATCH: Ressurrect the esp serial driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Morton wrote:

"" <pmarques@xxxxxxxxxxxx> wrote:

Anyway, after improving the tool and checking for false positives, there is only
one more suspicious piece of code in drivers/acpi/video.c:561

status = acpi_video_device_lcd_query_levels(device, &obj);

if (obj && obj->type == ACPI_TYPE_PACKAGE && obj->package.count >= 2) {
int count = 0;
union acpi_object *o;

br = kmalloc(sizeof &br, GFP_KERNEL);

yup, bug.

if (!br) {
printk(KERN_ERR "can't allocate memory\n");
} else {
memset(br, 0, sizeof &br);
br->levels = kmalloc(obj->package.count * sizeof &br->levels, GFP_KERNEL);

And another one, although it happens to work out OK.

I'll get these all fixed up, thanks.

I just checked the 2.6.11-mm1 release and this is only half-fixed there, and it is the worst of both halves: the kmalloc only mallocs the size of a pointer, but the memset is fixed, so it memset's the size of a structure (oops). This is partially my fault for not sending the patch in the first place, together with the bug report.

The attached patch against 2.6.11-mm1 should fix the kmalloc.

By the way, I haven't got any response from an alsa developer about the bug in sound/core/control.c, but this is already fixed in 2.6.11-mm1, along with several other changes to that file. So the status is: it was a bug, but it is already fixed :)

--
Paulo Marques - www.grupopie.com

All that is necessary for the triumph of evil is that good men do nothing.
Edmund Burke (1729 - 1797)
--- ./drivers/acpi/video.c.orig 2005-03-08 13:07:42.000000000 +0000
+++ ./drivers/acpi/video.c 2005-03-08 13:09:05.000000000 +0000
@@ -564,11 +564,11 @@ acpi_video_device_find_cap (struct acpi_
int count = 0;
union acpi_object *o;

- br = kmalloc(sizeof &br, GFP_KERNEL);
+ br = kmalloc(sizeof(*br), GFP_KERNEL);
if (!br) {
printk(KERN_ERR "can't allocate memory\n");
} else {
- memset(br, 0, sizeof *br);
+ memset(br, 0, sizeof(*br));
br->levels = kmalloc(obj->package.count *
sizeof *(br->levels), GFP_KERNEL);
if (!br->levels)

Next message: Joshua Jackson: "Re: [0/many] Acrypto - asynchronous crypto layer for linux kernel 2.6"
Previous message: Alan Cox: "PATCH: Ressurrect the esp serial driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]