lib/scatterlist: error handling in __sg_alloc_table()

I was reviewing code which I suspected might allocate a zero size SG table. That will cause memory corruption. Also we can't return before doing the memset or we could end up using uninitialized memory in the cleanup path. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Akinobu Mita <akinobu.mita@gmail.com> Cc: Imre Deak <imre.deak@intel.com> Cc: Tejun Heo <tj@kernel.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2013-07-08 19:01:58 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-07-09 13:33:31 -0400
commit: 27daabd9b6a157c34a6e7a7f509fa26866e6420f (patch)
tree: 349a1b1641ac497a3c999e1524dd39812f93a6b4 /lib
parent: a451751172b39702e94c683882ab01d816b673c7 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 129a82f707df..a685c8a79578 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
        struct scatterlist *sg, *prv;
        unsigned int left;
+        memset(table, 0, sizeof(*table));
+        if (nents == 0)
+                return -EINVAL;
 #ifndef ARCH_HAS_SG_CHAIN
        if (WARN_ON_ONCE(nents > max_ents))
                return -EINVAL;
 #endif
-        memset(table, 0, sizeof(*table));
        left = nents;
        prv = NULL;
        do {
author	Dan Carpenter <dan.carpenter@oracle.com>	2013-07-08 19:01:58 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-07-09 13:33:31 -0400
commit	27daabd9b6a157c34a6e7a7f509fa26866e6420f (patch)
tree	349a1b1641ac497a3c999e1524dd39812f93a6b4 /lib
parent	a451751172b39702e94c683882ab01d816b673c7 (diff)