* [PATCH 1/1] ACPI/nfit: avoid accessing uninitialized memory in acpi_nfit_ctl()
@ 2020-11-18 7:35 Zhen Lei
From: Zhen Lei @ 2020-11-18 7:35 UTC
To: Dan Williams, Vishal Verma, Dave Jiang, Ira Weiny,
Rafael J . Wysocki, Len Brown, linux-nvdimm, linux-acpi,
linux-kernel
Cc: Zhen Lei
The ACPI_ALLOCATE() does not zero the "buf", so when the condition
"integer->type != ACPI_TYPE_INTEGER" in int_to_buf() is met, the result
is unpredictable in acpi_nfit_ctl().
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
---
drivers/acpi/nfit/core.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 442608220b5c..cda7b6c52504 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -282,18 +282,19 @@ static union acpi_object *pkg_to_buf(union acpi_object *pkg)
static union acpi_object *int_to_buf(union acpi_object *integer)
{
- union acpi_object *buf = ACPI_ALLOCATE(sizeof(*buf) + 4);
+ union acpi_object *buf = NULL;
void *dst = NULL;
- if (!buf)
- goto err;
-
if (integer->type != ACPI_TYPE_INTEGER) {
WARN_ONCE(1, "BIOS bug, unexpected element type: %d\n",
integer->type);
goto err;
}
+ buf = ACPI_ALLOCATE(sizeof(*buf) + 4);
+ if (!buf)
+ goto err;
+
dst = buf + 1;
buf->type = ACPI_TYPE_BUFFER;
buf->buffer.length = 4;
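Review bot: The `err:` label that both `goto err` statements in int_to_buf() jump to is outside this hunk, so the safety of the new ordering cannot be confirmed from these lines alone. After the change, the type-mismatch branch and the failed ACPI_ALLOCATE() both arrive there with buf == NULL; the changelog should say what `err:` does with buf and that the caller in acpi_nfit_ctl() treats a NULL return as failure. It would also help to name the pre-patch problem directly (the type-mismatch branch left with an allocated but never-filled buf) rather than "the result is unpredictable", and to add a Fixes: tag so stable trees can pick the change up. As a smaller style point, the literal 4 appears in both `sizeof(*buf) + 4` and `buf->buffer.length = 4`; a single named constant would keep the allocation size and the recorded length from drifting apart.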
--
2.26.0.106.g9fadedd
* Re: [PATCH 1/1] ACPI/nfit: avoid accessing uninitialized memory in acpi_nfit_ctl()
@ 2020-11-18 8:08 ` Dan Williams
From: Dan Williams @ 2020-11-18 8:08 UTC
To: Zhen Lei
Cc: Vishal Verma, Dave Jiang, Ira Weiny, Rafael J . Wysocki,
Len Brown, linux-nvdimm, linux-acpi, linux-kernel
On Tue, Nov 17, 2020 at 11:36 PM Zhen Lei <thunder.leizhen@huawei.com> wrote:
>
> The ACPI_ALLOCATE() does not zero the "buf", so when the condition
> "integer->type != ACPI_TYPE_INTEGER" in int_to_buf() is met, the result
> is unpredictable in acpi_nfit_ctl().
>
> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Looks good to me.
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
I'll pick this up.