From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBE9DC433EF for ; Wed, 29 Dec 2021 09:41:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235118AbhL2JlN (ORCPT ); Wed, 29 Dec 2021 04:41:13 -0500 Received: from mailgw.kylinos.cn ([123.150.8.42]:48075 "EHLO nksmu.kylinos.cn" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S235116AbhL2JlM (ORCPT ); Wed, 29 Dec 2021 04:41:12 -0500 X-UUID: 89a522aa61814586b5a8a5a2cfb8b7dd-20211229 X-CPASD-INFO: 1cea0e763c304cf6a9061f90561160c4@erOfgV2XZWZfg3V8g6axcIFqYGZhkll _d3BRYmRgj1SVhH5xTWJsXVKBfG5QZWNdYVN_eGpQYl9gZFB5i3-XblBhXoZgUZB3gKWfgWGTZw== X-CPASD-FEATURE: 0.0 X-CLOUD-ID: 1cea0e763c304cf6a9061f90561160c4 X-CPASD-SUMMARY: SIP:-1,APTIP:-2.0,KEY:0.0,FROMBLOCK:1,EXT:0.0,OB:1.0,URL:-5,T VAL:198.0,ESV:0.0,ECOM:-5.0,ML:0.0,FD:0.0,CUTS:113.0,IP:-2.0,MAL:0.0,ATTNUM:0 .0,PHF:-5.0,PHC:-5.0,SPF:4.0,EDMS:-3,IPLABEL:-2.0,FROMTO:0,AD:0,FFOB:1.0,CFOB :1.0,SPC:0.0,SIG:-5,AUF:70,DUF:28551,ACD:148,DCD:250,SL:0,AG:0,CFC:0.765,CFSR :0.057,UAT:0,RAF:0,VERSION:2.3.4 X-CPASD-ID: 89a522aa61814586b5a8a5a2cfb8b7dd-20211229 X-CPASD-BLOCK: 1000 X-CPASD-STAGE: 1, 1 X-UUID: 89a522aa61814586b5a8a5a2cfb8b7dd-20211229 X-User: shenzijun@kylinos.cn Received: from localhost.localdomain.localdomain [(172.17.127.14)] by nksmu.kylinos.cn (envelope-from ) (Generic MTA) with ESMTP id 1016694055; Wed, 29 Dec 2021 17:53:36 +0800 From: shenzijun To: robert.moore@intel.com, rafael.j.wysocki@intel.com, lenb@kernel.org Cc: linux-acpi@vger.kernel.org, devel@acpica.org, linux-kernel@vger.kernel.org, jinzi120021@sina.com Subject: [PATCH] ACPICA: DEBUGGER: Add return value check to acpi_db_walk_for_fields() Date: Thu, 30 Dec 2021 01:40:58 +0800 Message-Id: <20211229174058.11350-1-shenzijun@kylinos.cn> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-acpi@vger.kernel.org From: Zijun Shen The function acpi_db_walk_for_fields frees buffer.pointer by the first ACPI_FREE. And then uses the second ACPI_FREE to free buffer.pointer which may assigns again in acpi_evaluate_object. It's necessary to make sure that buffer.pointer get a block of memory in acpi_evaluate_object and acpi_evaluate_object return 0. Signed-off-by: Zijun Shen --- drivers/acpi/acpica/dbnames.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dbnames.c b/drivers/acpi/acpica/dbnames.c index 3615e1a6efd8..7a2d980cb2b8 100644 --- a/drivers/acpi/acpica/dbnames.c +++ b/drivers/acpi/acpica/dbnames.c @@ -550,7 +550,10 @@ acpi_db_walk_for_fields(acpi_handle obj_handle, ACPI_FREE(buffer.pointer); buffer.length = ACPI_ALLOCATE_LOCAL_BUFFER; - acpi_evaluate_object(obj_handle, NULL, NULL, &buffer); + status = acpi_evaluate_object(obj_handle, NULL, NULL, &buffer); + if (ACPI_FAILURE(status)) { + return (AE_OK); + } /* * Since this is a field unit, surround the output in braces -- 2.31.1