On 10/06/2017 08:19 PM, Matt Fleming wrote:
On Sat, 30 Sep, at 11:17:32AM, Dan Carpenter wrote:
If "qcaps.capsule_count" is ULONG_MAX then "qcaps.capsule_count + 1"
will overflow to zero and kcalloc() will return the ZERO_SIZE_PTR. We
try to dereference it inside the loop and crash.
Fixes: f
On 05/06/2017 04:53 AM, Matt Fleming wrote:
On Sat, 29 Apr, at 09:42:52AM, Geliang Tang wrote:
Use memdup_user() helper instead of open-coding to simplify the code.
Signed-off-by: Geliang Tang
---
drivers/firmware/efi/test/efi_test.c | 11 +++
1 file changed, 3 insertions(+), 8 dele
On 04/29/2017 09:42 AM, Geliang Tang wrote:
Drop useless kfree when memdup_user() failed, since we have already
called kfree in memdup_user().
Signed-off-by: Geliang Tang
---
drivers/firmware/efi/test/efi_test.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers
