On Mon, 24 Dec 2018 09:42:48 +0100, huang.zijiang wrote: > > From: "huang.zijiang" <[email protected]> > > kmemdup has implemented the function that kmalloc() and memcpy(). > > Signed-off-by: huang.zijiang <[email protected]> > --- > sound/pci/emu10k1/emufx.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c > index 6ebe817..b4fe4c5 100644 > --- a/sound/pci/emu10k1/emufx.c > +++ b/sound/pci/emu10k1/emufx.c > @@ -671,10 +671,9 @@ static unsigned int *copy_tlv(const unsigned int __user > *_tlv, bool in_kernel) > return NULL; > if (data[1] >= MAX_TLV_SIZE) > return NULL; > - tlv = kmalloc(data[1] + sizeof(data), GFP_KERNEL); > + tlv = kmemdup(data, data[1] + sizeof(data), GFP_KERNEL); > if (!tlv) > return NULL; > - memcpy(tlv, data, sizeof(data));
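Review bot: the kmemdup() introduced in this hunk reads data[1] + sizeof(data) bytes out of data, but the memcpy() it replaces copied only sizeof(data) bytes; data is a fixed-size local array (it is indexed as data[1] and sized with sizeof(data)), so for any non-zero data[1] the new call reads past the end of it. The oversized allocation was correct with kmalloc() because only the header was copied from data and the remaining data[1] bytes are evidently filled from somewhere else, so kmalloc() + memcpy(tlv, data, sizeof(data)) is not a kmalloc() + full-size memcpy() pair and cannot be collapsed into kmemdup(data, ...). Keep the original two lines, or drop the patch.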
These changes are not equivalent, and rather dangerous, unfortunately. The memcpy() is performed only for sizeof(data), and in this case, it's not the same size as the allocation above.

thanks,

Takashi
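The size mismatch Takashi points out, as an added example that is not code from the patch, the kernel, or either poster: a user-space model of the copy_tlv() pattern. It assumes the rest of the function works the way the hunk implies (the header is copied from the 2-word local array, the payload is then copied separately from the caller's buffer into tlv + 2); copy_from_user() is modelled by memcpy() from a constructed buffer, kmalloc() by malloc(), kmemdup() by a hypothetical checked_memdup() that knows the true size of its source and refuses to over-read, and MAX_TLV_SIZE is an assumed value.

```c
/*
 * Added example, not kernel code: user-space model of copy_tlv() before and
 * after the proposed patch. Assumptions: MAX_TLV_SIZE value, two-step copy
 * (header from data[], payload from the caller's buffer), and
 * checked_memdup() as a bounds-aware stand-in for kmemdup().
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TLV_SIZE 256   /* assumption: stands in for the driver's limit */

/* Stand-in for kmemdup(): src_len is the real size of the source object, len
 * is what the caller asks to duplicate. Returns NULL on an over-read instead
 * of reading past the source the way a real kmemdup() would. */
static void *checked_memdup(const void *src, size_t src_len, size_t len)
{
    void *p;

    if (len > src_len) {
        fprintf(stderr, "over-read: asked for %zu bytes, source holds %zu\n",
                len, src_len);
        return NULL;
    }
    p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;
}

/* Pre-patch logic: copy the 2-word header, size the block from data[1],
 * copy only the header from data[], then fetch the payload from the caller. */
static unsigned int *copy_tlv_original(const unsigned int *user_tlv, size_t user_len)
{
    unsigned int data[2];
    unsigned int *tlv;

    if (user_len < sizeof(data))
        return NULL;
    memcpy(data, user_tlv, sizeof(data));          /* models copy_from_user(data, ...) */
    if (data[1] >= MAX_TLV_SIZE)
        return NULL;
    if (user_len < sizeof(data) + data[1])          /* models a failing copy_from_user */
        return NULL;
    tlv = malloc(data[1] + sizeof(data));
    if (!tlv)
        return NULL;
    memcpy(tlv, data, sizeof(data));                /* header: the only bytes data[] holds */
    memcpy(tlv + 2, user_tlv + 2, data[1]);         /* payload: from the caller's buffer */
    return tlv;
}

/* Post-patch logic: kmemdup(data, data[1] + sizeof(data)) asks for the
 * payload bytes from the 2-word local array, which never contained them. */
static unsigned int *copy_tlv_patched(const unsigned int *user_tlv, size_t user_len)
{
    unsigned int data[2];
    unsigned int *tlv;

    if (user_len < sizeof(data))
        return NULL;
    memcpy(data, user_tlv, sizeof(data));
    if (data[1] >= MAX_TLV_SIZE)
        return NULL;
    tlv = checked_memdup(data, sizeof(data), data[1] + sizeof(data));
    if (!tlv)
        return NULL;
    /* the real function would now overwrite tlv + 2 from the caller's buffer */
    return tlv;
}

/* Constructed inputs: a TLV with a 12-byte payload, and one with none. */
static const unsigned int sample_tlv[] = { 0, 12, 0xAAAAAAAAu, 0xBBBBBBBBu, 0xCCCCCCCCu };
static const unsigned int empty_tlv[]  = { 0, 0 };

/* 1 if the copy holds exactly the constructed header plus payload. */
static int tlv_matches(const unsigned int *tlv)
{
    return tlv && memcmp(tlv, sample_tlv, sizeof(sample_tlv)) == 0;
}

int main(void)
{
    unsigned int *a = copy_tlv_original(sample_tlv, sizeof(sample_tlv));
    unsigned int *b = copy_tlv_patched(sample_tlv, sizeof(sample_tlv));
    unsigned int *c = copy_tlv_patched(empty_tlv, sizeof(empty_tlv));

    printf("original, 12-byte payload: %s\n", tlv_matches(a) ? "ok" : "bad");
    printf("patched,  12-byte payload: %s\n", b ? "copied" : "rejected (over-read)");
    printf("patched,  empty payload:   %s\n", c ? "copied" : "rejected (over-read)");
    free(a);
    free(b);
    free(c);
    return 0;
}
```

The only input for which the patched version does not over-read is data[1] == 0, where the requested length equals sizeof(data); any real payload makes kmemdup() read up to MAX_TLV_SIZE bytes beyond an 8-byte stack array, which is what makes the change dangerous even though the caller's bytes would later overwrite tlv + 2.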

