On Mon, 24 Dec 2018 09:42:48 +0100, huang.zijiang wrote:
From: "huang.zijiang" <huang.zijiang@zte.com.cn>
kmemdup has implemented the function of kmalloc() and memcpy().
Signed-off-by: huang.zijiang <huang.zijiang@zte.com.cn>
sound/pci/emu10k1/emufx.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c index 6ebe817..b4fe4c5 100644 --- a/sound/pci/emu10k1/emufx.c +++ b/sound/pci/emu10k1/emufx.c @@ -671,10 +671,9 @@ static unsigned int *copy_tlv(const unsigned int __user *_tlv, bool in_kernel) return NULL; if (data[1] >= MAX_TLV_SIZE) return NULL;
- tlv = kmalloc(data[1] + sizeof(data), GFP_KERNEL);
- tlv = kmemdup(data, data[1] + sizeof(data), GFP_KERNEL); if (!tlv) return NULL;
- memcpy(tlv, data, sizeof(data));
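Review bot: the kmemdup() call uses data[1] + sizeof(data) as both the allocation size and the copy length, whereas the removed memcpy(tlv, data, sizeof(data)) copied only sizeof(data) bytes. The new call therefore reads data[1] bytes beyond the end of data and places whatever lies there into tlv. kmemdup() cannot express "allocate N, copy fewer than N", so this site should keep kmalloc(data[1] + sizeof(data), GFP_KERNEL) followed by the sizeof(data) memcpy().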
These changes are not equivalent, and rather dangerous, unfortunately. The memcpy() is performed only for sizeof(data), and in this case, it's not the same size as the allocation above.
thanks,
Takashi
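
The size mismatch raised in the reply, as an added userspace example that is not code from this thread or from the kernel: it compares the allocate-then-copy-header shape with the duplicate-everything shape and counts how many bytes of neighbouring memory end up in the new buffer. The names dup_bytes, neighbour_bytes_copied, HDR_SIZE and NEIGHBOUR are hypothetical, the frame buffer is constructed sample data, and calloc() stands in for kmalloc() only so the count is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE  (2 * sizeof(unsigned int)) /* plays the role of sizeof(data) */
#define NEIGHBOUR 0xAA /* constructed marker for memory that follows the header */

/* Userspace stand-in for kmemdup(): allocate len bytes AND copy len bytes. */
static void *dup_bytes(const void *src, size_t len)
{
    void *p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;
}

/* use_dup == 0: kmalloc() + memcpy(sizeof(data)) shape (the original code).
 * use_dup == 1: kmemdup(data, data[1] + sizeof(data)) shape (the patch). */
static size_t neighbour_bytes_copied(unsigned int payload_len, int use_dup)
{
    unsigned char frame[HDR_SIZE + 64];       /* header, then unrelated memory */
    unsigned int hdr[2] = { 1, payload_len }; /* hdr[1] is the length, like data[1] */
    unsigned char *tlv;
    size_t n = 0;

    if (payload_len > 64) return 0;           /* keep every read inside frame */
    memset(frame, NEIGHBOUR, sizeof(frame));
    memcpy(frame, hdr, HDR_SIZE);

    if (use_dup) {
        tlv = dup_bytes(frame, payload_len + HDR_SIZE);
    } else {
        tlv = calloc(1, payload_len + HDR_SIZE);
        if (tlv) memcpy(tlv, frame, HDR_SIZE); /* header only */
    }
    if (!tlv) return 0;
    for (size_t i = 0; i < payload_len; i++)   /* inspect the payload area */
        n += (tlv[HDR_SIZE + i] == NEIGHBOUR);
    free(tlv);
    return n;
}

int main(void)
{
    printf("alloc + header copy: %zu\n", neighbour_bytes_copied(32, 0));
    printf("duplicate full size: %zu\n", neighbour_bytes_copied(32, 1));
    return 0;
}
```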