From: Takashi Iwai Date: Sat, 19 Jan 2008 09:33:07 +0000 (+0100) Subject: [ALSA] emu10k1 - Fix over-sized kmalloc for TLV X-Git-Tag: 2.1b_release~22114^2~76 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6735e5723b5b4bc9bc0a24a841fbd0f2e7944b3f;p=platform%2Fkernel%2Fkernel-mfld-blackbay.git [ALSA] emu10k1 - Fix over-sized kmalloc for TLV Reported by Al Viro: In copy_tlv(), the size of kmalloc is wrongly calculated. Signed-off-by: Takashi Iwai Signed-off-by: Jaroslav Kysela --- diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c index c35d9e1..354a892 100644 --- a/sound/pci/emu10k1/emufx.c +++ b/sound/pci/emu10k1/emufx.c @@ -665,7 +665,7 @@ static unsigned int *copy_tlv(const unsigned int __user *_tlv) return NULL; if (data[1] >= MAX_TLV_SIZE) return NULL; - tlv = kmalloc(data[1] * 4 + sizeof(data), GFP_KERNEL); + tlv = kmalloc(data[1] + sizeof(data), GFP_KERNEL); if (!tlv) return NULL; memcpy(tlv, data, sizeof(data));