dma: bcm6348: incorrect buffer allocation

Calling calloc() for 0 members does not make any sense.
Setting ch_priv->busy_desc = NULL for ch_priv->desc_cnt > 0 is equally
unreasonable.

The current code will lead to a NULL dereference in bcm6348_iudma_enable().

The assignments for ch_priv->busy_desc are obviously swapped.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/drivers/dma/bcm6348-iudma.c b/drivers/dma/bcm6348-iudma.c
index 9857760..c04aa55 100644 (file)
--- a/drivers/dma/bcm6348-iudma.c
+++ b/drivers/dma/bcm6348-iudma.c
@@ -313,10 +313,10 @@ static int bcm6348_iudma_request(struct dma *dma)
        ch_priv->desc_id = 0;
        if (bcm6348_iudma_chan_is_rx(dma->id)) {
                ch_priv->desc_cnt = 0;
-               ch_priv->busy_desc = calloc(ch_priv->desc_cnt, sizeof(bool));
+               ch_priv->busy_desc = NULL;
        } else {
                ch_priv->desc_cnt = ch_priv->dma_ring_size;
-               ch_priv->busy_desc = NULL;
+               ch_priv->busy_desc = calloc(ch_priv->desc_cnt, sizeof(bool));
        }
 
        return 0;