staging: tidspbridge/pmgr: additional checking after return from strlen_user
author: Chen Gang <gang.chen@asianux.com>
Mon, 21 Jan 2013 09:33:26 +0000 (17:33 +0800)
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 21 Jan 2013 22:00:10 +0000 (14:00 -0800)
  strlen_user will return the length including the final NUL,
    and will return 0 if it fails (for example, if the user string is not NUL terminated)

  so we need to check whether it is an invalid parameter.

additional info:
  see the comments for strlen_user in lib/strnlen_user.c

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Cc: Omar Ramirez Luna <omar.ramirez@copitl.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/tidspbridge/pmgr/dspapi.c

index 9ef1ad9..5a18a94 100644 (file)
@@ -414,10 +414,13 @@ u32 mgrwrap_register_object(union trapped_args *args, void *pr_ctxt)
        CP_FM_USR(&uuid_obj, args->args_mgr_registerobject.uuid_obj, status, 1);
        if (status)
                goto func_end;
-       /* path_size is increased by 1 to accommodate NULL */
        path_size = strlen_user((char *)
-                               args->args_mgr_registerobject.sz_path_name) +
-           1;
+                               args->args_mgr_registerobject.sz_path_name);
+       if (!path_size) {
+               status = -EINVAL;
+               goto func_end;
+       }
+
        psz_path_name = kmalloc(path_size, GFP_KERNEL);
        if (!psz_path_name) {
                status = -ENOMEM;
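Review bot: path_size goes from strlen_user() straight into kmalloc(path_size, GFP_KERNEL) with only the new zero check in between, so the caller still controls the allocation size with no upper bound. Consider measuring with strnlen_user() against a maximum path length and returning -EINVAL when the result is 0 or exceeds that limit. The removed comment was also the only explanation of the size arithmetic; a one-line comment stating that strlen_user() already counts the terminating NUL would keep the kmalloc size self-explanatory.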