Skip to content
Commit e424fb8c authored by Xi Wang's avatar Xi Wang Committed by Matthew Garrett
Browse files

panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()



num_sifr could go negative since acpi_pcc_get_sqty() returns -EINVAL
on error.  Then it could bypass the sanity check (num_sifr > 255).
The subsequent call to kzalloc() would allocate a small buffer, leading
to a memory corruption.

Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
Signed-off-by: default avatarMatthew Garrett <mjg@redhat.com>
parent 461e7437
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment