Thread (17 messages) 17 messages, 3 authors, 2017-12-04
STALE3134d

[PATCH 04/11] ACPICA: Avoid null pointer dereference on Op.

From: Erik Schmauss <hidden>
Date: 2017-11-17 23:45:23
Subsystem: acpi, acpi component architecture (acpica), the rest · Maintainers: "Rafael J. Wysocki", Saket Dumbre, Linus Torvalds

From: Colin Ian King <redacted>

ACPICA commit 08a00639b0d6756e8ba1421419fc3728904651d9

The calls to acpi_os_acquire_object can result in a null being assigned
to Op (for example if a mutex acquire fails) which can lead to a
null pointer dereference on Op on the call to ASL_CV_TRANSFER_COMMENTS
(via function cv_transfer_comments). Move the block into the previous
block that checks for a null Op so that we never can call
cv_transfer_comments with a null Op.

Detected by: coverity_scan CID#1371660 ("Dereference after null check")

Link: https://github.com/acpica/acpica/commit/08a00639
Signed-off-by: Colin Ian King <redacted>
Signed-off-by: Bob Moore <redacted>
Signed-off-by: Erik Schmauss <redacted>
---
 drivers/acpi/acpica/psutils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/acpica/psutils.c b/drivers/acpi/acpica/psutils.c
index 02642760cb93..e15b636b1d4b 100644
--- a/drivers/acpi/acpica/psutils.c
+++ b/drivers/acpi/acpica/psutils.c
@@ -158,10 +158,10 @@ union acpi_parse_object *acpi_ps_alloc_op(u16 opcode, u8 *aml)
 		if (opcode == AML_SCOPE_OP) {
 			acpi_gbl_current_scope = op;
 		}
-	}
 
-	if (gbl_capture_comments) {
-		ASL_CV_TRANSFER_COMMENTS(op);
+		if (gbl_capture_comments) {
+			ASL_CV_TRANSFER_COMMENTS(op);
+		}
 	}
 
 	return (op);
-- 
2.13.6
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help