@@ -329,13 +329,24 @@ static void __init handle_dmi_entry(const struct dmi_header *dm,
if (results->err || results->keymap)
return; /* We already found the hotkey table. */
- if (dm->type != 0xb2 || dm->length <= 6)
+ if (dm->type != 0xb2)
return;
table = container_of(dm, struct dell_bios_hotkey_table, header);
- hotkey_num = (table->header.length - 4) /
+ hotkey_num = (table->header.length -
+ sizeof(struct dell_bios_hotkey_table)) /
sizeof(struct dell_bios_keymap_entry);
+ if (hotkey_num < 1) {
+ /*
+ * Historically, dell-wmi would ignore a DMI entry of
+ * fewer than 7 bytes. Sizes between 4 and 8 bytes are
+ * nonsensical (both the header and all entries are 4
+ * bytes), so we approximate the old behavior by
+ * ignoring tables with fewer than one entry.
+ */
+ return;
+ }
keymap = kcalloc(hotkey_num + 1, sizeof(struct key_entry), GFP_KERNEL);
if (!keymap) {
Checking the table for a minimum size of 7 bytes makes no sense: any valid hotkey table has a size that's a multiple of 4. Clean this up: replace the hardcoded header length with a sizeof and change the check to ignore an empty hotkey table. The only behavior change is that a 7-byte table (which is nonsensical) will now be treated as absent instead of as valid but empty. Reported-by: Jean Delvare <jdelvare@suse.de> Signed-off-by: Andy Lutomirski <luto@kernel.org> --- Changes from v2: - Total rewrite. drivers/platform/x86/dell-wmi.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)