lib/scatterlist: error handling in __sg_alloc_table()

I was reviewing code which I suspected might allocate a zero size SG
table.  That will cause memory corruption.  Also we can't return before
doing the memset or we could end up using uninitialized memory in the
cleanup path.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Imre Deak <imre.deak@intel.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 129a82f707df9b08d7c8e777561fca30c579816c..a685c8a79578b274cb361d442b953507e58d7d63 100644 (file)
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
        struct scatterlist *sg, *prv;
        unsigned int left;
 
+       memset(table, 0, sizeof(*table));
+
+       if (nents == 0)
+               return -EINVAL;
 #ifndef ARCH_HAS_SG_CHAIN
        if (WARN_ON_ONCE(nents > max_ents))
                return -EINVAL;
 #endif
 
-       memset(table, 0, sizeof(*table));
-
        left = nents;
        prv = NULL;
        do {