From 26e76e98efe5d5d7bf50766061c3de5de53508b1 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Wed, 19 Sep 2012 11:54:32 +0000 Subject: [PATCH] As a followup to r234501, ensure that the native ioctl path always allocates a 4kb buffer if a request uses a buffer size of 0. (The Linux ioctl path already did this.) PR: kern/155658 Submitted by: Andreas Longwitz MFC after: 1 week --- sys/dev/amr/amr.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/sys/dev/amr/amr.c b/sys/dev/amr/amr.c index de91c3ef023..6c7d2ea9870 100644 --- a/sys/dev/amr/amr.c +++ b/sys/dev/amr/amr.c @@ -846,11 +846,8 @@ amr_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int32_t flag, struct threa /* handle inbound data buffer */ real_length = amr_ioctl_buffer_length(au_length); + dp = malloc(real_length, M_AMR, M_WAITOK|M_ZERO); if (au_length != 0 && au_cmd[0] != 0x06) { - if ((dp = malloc(real_length, M_AMR, M_WAITOK|M_ZERO)) == NULL) { - error = ENOMEM; - goto out; - } if ((error = copyin(au_buffer, dp, au_length)) != 0) { free(dp, M_AMR); return (error); @@ -920,8 +917,7 @@ amr_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int32_t flag, struct threa error = copyout(dp, au_buffer, au_length); } debug(2, "copyout %ld bytes from %p -> %p", au_length, dp, au_buffer); - if (dp != NULL) - debug(2, "%p status 0x%x", dp, ac->ac_status); + debug(2, "%p status 0x%x", dp, ac->ac_status); *au_statusp = ac->ac_status; out: