on error. Then it could bypass the sanity check (num_sifr > 255). The subsequent call to kzalloc() would allocate a small buffer, leading to a memory corruption. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Matthew Garrett <mjg@redhat.com> num_sifr if(num_sifr>255) ...