summaryrefslogtreecommitdiff
path: root/drivers/acpi/executer/exoparg2.c
diff options
context:
space:
mode:
authorBob Moore <robert.moore@intel.com>2008-04-10 19:06:37 +0400
committerLen Brown <len.brown@intel.com>2008-04-22 14:29:21 -0400
commit4b6e16cf2bacbf328535097fa74f1494b1873c54 (patch)
tree5b81427d81577d7741d3d17dcc928a770decdbe0 /drivers/acpi/executer/exoparg2.c
parent4e3156b183aa087bc19804b3295c7c1a71f64752 (diff)
downloadlwn-4b6e16cf2bacbf328535097fa74f1494b1873c54.tar.gz
lwn-4b6e16cf2bacbf328535097fa74f1494b1873c54.zip
ACPICA: Avoid use of invalid pointers in returned object field
During operand evaluation, ensure that the ReturnObj field is cleared on error and only valid pointers are stored there. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers/acpi/executer/exoparg2.c')
-rw-r--r--drivers/acpi/executer/exoparg2.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/drivers/acpi/executer/exoparg2.c b/drivers/acpi/executer/exoparg2.c
index 17e652e65379..81c02b12d3f2 100644
--- a/drivers/acpi/executer/exoparg2.c
+++ b/drivers/acpi/executer/exoparg2.c
@@ -241,10 +241,6 @@ acpi_status acpi_ex_opcode_2A_2T_1R(struct acpi_walk_state *walk_state)
goto cleanup;
}
- /* Return the remainder */
-
- walk_state->result_obj = return_desc1;
-
cleanup:
/*
* Since the remainder is not returned indirectly, remove a reference to
@@ -259,6 +255,12 @@ acpi_status acpi_ex_opcode_2A_2T_1R(struct acpi_walk_state *walk_state)
acpi_ut_remove_reference(return_desc1);
}
+ /* Save return object (the remainder) on success */
+
+ else {
+ walk_state->result_obj = return_desc1;
+ }
+
return_ACPI_STATUS(status);
}
@@ -490,6 +492,7 @@ acpi_status acpi_ex_opcode_2A_1T_1R(struct acpi_walk_state *walk_state)
if (ACPI_FAILURE(status)) {
acpi_ut_remove_reference(return_desc);
+ walk_state->result_obj = NULL;
}
return_ACPI_STATUS(status);
@@ -583,8 +586,6 @@ acpi_status acpi_ex_opcode_2A_0T_1R(struct acpi_walk_state *walk_state)
return_desc->integer.value = ACPI_INTEGER_MAX;
}
- walk_state->result_obj = return_desc;
-
cleanup:
/* Delete return object on error */
@@ -593,5 +594,11 @@ acpi_status acpi_ex_opcode_2A_0T_1R(struct acpi_walk_state *walk_state)
acpi_ut_remove_reference(return_desc);
}
+ /* Save return object on success */
+
+ else {
+ walk_state->result_obj = return_desc;
+ }
+
return_ACPI_STATUS(status);
}