From ad4e08fe32afe7574d887cedd29bf75cd787a538 Mon Sep 17 00:00:00 2001
From: Andy Shevchenko
Date: Tue, 29 Dec 2015 13:07:50 +0200
Subject: [PATCH] UPSTREAM: device property: avoid allocations of 0 length Arrays can not have zero elements by definition of the unified device properties. If such property comes from outside we should not allow it to pass. Otherwise memory allocation on 0 length will return non-NULL value, which we currently don't check. Prevent memory allocations of 0 length. Signed-off-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki (cherry picked from commit f6740c1899d2ee2c4c9ec5301d4b712d4e706a79) from v4.5-rc1 BUG=b:62359918 TEST=No regression in camera functionality TEST=Kernel builds and boots Change-Id: I1e297ee59746f1a152600aeae096a807fcb6a868 Signed-off-by: Nathan Ciobanu Reviewed-on: https://chromium-review.googlesource.com/528507 Commit-Ready: Nathan D Ciobanu Tested-by: Yong Zhi Reviewed-by: Tomasz Figa Signed-off-by: Jacob Chen
---
 drivers/base/property.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/drivers/base/property.c b/drivers/base/property.c
index db7dad708973..17a003a33844 100644
--- a/drivers/base/property.c
+++ b/drivers/base/property.c
@@ -653,6 +653,9 @@ int fwnode_property_match_string(struct fwnode_handle *fwnode,
 if (nval < 0)
 return nval;
+ if (nval == 0)
+ return -ENODATA;
+
 values = kcalloc(nval, sizeof(*values), GFP_KERNEL);
 if (!values)
 return -ENOMEM;
@@ -718,6 +721,9 @@ static int pset_copy_entry(struct property_entry *dst,
 return -ENOMEM;
 if (src->is_array) {
+ if (!src->length)
+ return -ENODATA;
+
 if (src->is_string) {
 nval = src->length / sizeof(const char *);
 dst->pointer.str = kcalloc(nval, sizeof(const char *),
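Review bot: The new `nval == 0` early return in fwnode_property_match_string() carries no comment saying why an empty array is treated as an error, and the reason is not obvious from the code alone: kcalloc() with a zero count returns a non-NULL pointer, so the `!values` test just below it would not catch that case. I would add `/* A zero-length kcalloc() returns non-NULL and would pass the check below. */` above the new test. The function starts and ends outside the hunk; if its kernel-doc return list does not already cover -ENODATA for a property with no values, it should be updated there too.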
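Review bot: In pset_copy_entry() the added `!src->length` test rejects only a length of exactly zero, but the string branch right after it computes `nval = src->length / sizeof(const char *)`, so a non-zero length smaller than one pointer still yields nval == 0 and a zero-length kcalloc(). Testing the element count closes that gap: `if (!nval) return -ENODATA;` placed after the division. The non-string branch and the rest of the function are outside the hunk, so whether the same rounding applies there cannot be confirmed from here. The `return -ENOMEM` just above suggests dst may already own an allocation at this point, so it is worth confirming that the caller releases it on the new -ENODATA path.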