From 442a8037796fa1ac5bac15968f1f447cd8170578 Mon Sep 17 00:00:00 2001
From: Jiaqing Zhao
Date: Tue, 18 Jul 2023 02:28:32 +0000
Subject: [PATCH] dm: virtio-gpu: fix uninitialized memory access
In virtio_gpu_cmd_create_blob() and virtio_gpu_cmd_resource_attach_ backing(), entries may be accessed before initialization. Fix it by using calloc() to allocate it instead of malloc().
Tracked-On: #8439
Signed-off-by: Jiaqing Zhao
---
 devicemodel/hw/pci/virtio/virtio_gpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/devicemodel/hw/pci/virtio/virtio_gpu.c b/devicemodel/hw/pci/virtio/virtio_gpu.c
index 8a1f7b55d..61e55c420 100644
--- a/devicemodel/hw/pci/virtio/virtio_gpu.c
+++ b/devicemodel/hw/pci/virtio/virtio_gpu.c
@@ -810,7 +810,7 @@ virtio_gpu_cmd_resource_attach_backing(struct virtio_gpu_command *cmd)
 r2d->iov = iov;
 r2d->iovcnt = req.nr_entries;
- entries = malloc(req.nr_entries * sizeof(struct virtio_gpu_mem_entry));
+ entries = calloc(req.nr_entries, sizeof(struct virtio_gpu_mem_entry));
 if (!entries) {
 free(iov);
 resp.type = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
@@ -1256,7 +1256,7 @@ virtio_gpu_cmd_create_blob(struct virtio_gpu_command *cmd)
 r2d->resource_id = req.resource_id;
 if (req.nr_entries > 0) {
- entries = malloc(req.nr_entries * sizeof(struct virtio_gpu_mem_entry));
+ entries = calloc(req.nr_entries, sizeof(struct virtio_gpu_mem_entry));
 if (!entries) {
 pr_err("%s : memory allocation for entries failed.\n", __func__);
 free(r2d);
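Review bot: Zero-filling `entries` in `virtio_gpu_cmd_resource_attach_backing()` (and identically in `virtio_gpu_cmd_create_blob()`) removes the uninitialized read but does not reject the request that caused it. `req.nr_entries` is taken from the command, and the code that fills `entries` lies outside both hunks; if, as the commit message suggests, it can populate fewer than `req.nr_entries` elements, the remainder is now consumed as all-zero entries instead of being refused. Consider checking the number of bytes actually copied against `req.nr_entries * sizeof(struct virtio_gpu_mem_entry)` and returning an error response on mismatch, and bounding `req.nr_entries` before it sizes the allocation. It would also help to record why zeroing is required, e.g. `/* calloc: entries the request does not fill must read as zero, and count * size is overflow-checked */` above each call.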