diff options
author | Nikita Kiryushin <kiryushin@ancud.ru> | 2024-03-22 21:07:53 +0300 |
---|---|---|
committer | Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 2024-03-26 13:06:47 +0100 |
commit | 40e2710860e57411ab57a1529c5a2748abbe8a19 (patch) | |
tree | 6141aaa7883a6147dde4438a03b3f40c1855ff90 /drivers/acpi/acpica | |
parent | 4cece764965020c22cff7665b18a012006359095 (diff) | |
download | linux-40e2710860e57411ab57a1529c5a2748abbe8a19.tar.gz linux-40e2710860e57411ab57a1529c5a2748abbe8a19.tar.bz2 linux-40e2710860e57411ab57a1529c5a2748abbe8a19.zip |
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
ACPICA commit 9061cd9aa131205657c811a52a9f8325a040c6c9
Errors in acpi_evaluate_object() can lead to incorrect state of buffer.
This can lead to access to data in previously ACPI_FREEd buffer and
secondary ACPI_FREE to the same buffer later.
Handle errors in acpi_evaluate_object the same way it is done earlier
with acpi_ns_handle_to_pathname.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Link: https://github.com/acpica/acpica/commit/9061cd9a
Fixes: 5fd033288a86 ("ACPICA: debugger: add command to dump all fields of particular subtype")
Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'drivers/acpi/acpica')
-rw-r--r-- | drivers/acpi/acpica/dbnames.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/acpi/acpica/dbnames.c b/drivers/acpi/acpica/dbnames.c index b91155ea9c34..c9131259f717 100644 --- a/drivers/acpi/acpica/dbnames.c +++ b/drivers/acpi/acpica/dbnames.c @@ -550,8 +550,12 @@ acpi_db_walk_for_fields(acpi_handle obj_handle, ACPI_FREE(buffer.pointer); buffer.length = ACPI_ALLOCATE_LOCAL_BUFFER; - acpi_evaluate_object(obj_handle, NULL, NULL, &buffer); - + status = acpi_evaluate_object(obj_handle, NULL, NULL, &buffer); + if (ACPI_FAILURE(status)) { + acpi_os_printf("Could Not evaluate object %p\n", + obj_handle); + return (AE_OK); + } /* * Since this is a field unit, surround the output in braces */ |