aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorHugh Dickins <hugh.dickins@tiscali.co.uk>2009-08-06 19:18:12 -0400
committerLen Brown <len.brown@intel.com>2009-08-31 22:12:03 -0400
commit718fb0de8ff88f71b3b91a8ee8e42e60c88e5128 (patch)
treedf81c64e25966c6956a8c43f3894fc54d16650a3 /drivers
parent49ae80c9944401222e47108883c486b5a5a24006 (diff)
ACPI: fix NULL bug for HID/UID string
acpi_device->pnp.hardware_id and unique_id are now allocated pointers, replacing the previous arrays. acpi_device_install_notify_handler() oopsed on the NULL hid when probing the video device, and perhaps other uses are vulnerable too. So initialize those pointers to empty strings when there is no hid or uid. Also, free hardware_id and unique_id when when acpi_device is going to be freed. http://bugzilla.kernel.org/show_bug.cgi?id=14096 Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/acpi/scan.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 9606af13d3b..dc14421b93f 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -309,6 +309,10 @@ static void acpi_device_release(struct device *dev)
309 struct acpi_device *acpi_dev = to_acpi_device(dev); 309 struct acpi_device *acpi_dev = to_acpi_device(dev);
310 310
311 kfree(acpi_dev->pnp.cid_list); 311 kfree(acpi_dev->pnp.cid_list);
312 if (acpi_dev->flags.hardware_id)
313 kfree(acpi_dev->pnp.hardware_id);
314 if (acpi_dev->flags.unique_id)
315 kfree(acpi_dev->pnp.unique_id);
312 kfree(acpi_dev); 316 kfree(acpi_dev);
313} 317}
314 318
@@ -1137,8 +1141,9 @@ static void acpi_device_set_id(struct acpi_device *device,
1137 strcpy(device->pnp.hardware_id, hid); 1141 strcpy(device->pnp.hardware_id, hid);
1138 device->flags.hardware_id = 1; 1142 device->flags.hardware_id = 1;
1139 } 1143 }
1140 } else 1144 }
1141 device->pnp.hardware_id = NULL; 1145 if (!device->flags.hardware_id)
1146 device->pnp.hardware_id = "";
1142 1147
1143 if (uid) { 1148 if (uid) {
1144 device->pnp.unique_id = ACPI_ALLOCATE_ZEROED(strlen (uid) + 1); 1149 device->pnp.unique_id = ACPI_ALLOCATE_ZEROED(strlen (uid) + 1);
@@ -1146,8 +1151,9 @@ static void acpi_device_set_id(struct acpi_device *device,
1146 strcpy(device->pnp.unique_id, uid); 1151 strcpy(device->pnp.unique_id, uid);
1147 device->flags.unique_id = 1; 1152 device->flags.unique_id = 1;
1148 } 1153 }
1149 } else 1154 }
1150 device->pnp.unique_id = NULL; 1155 if (!device->flags.unique_id)
1156 device->pnp.unique_id = "";
1151 1157
1152 if (cid_list || cid_add) { 1158 if (cid_list || cid_add) {
1153 struct acpica_device_id_list *list; 1159 struct acpica_device_id_list *list;
@@ -1362,10 +1368,8 @@ acpi_add_single_object(struct acpi_device **child,
1362end: 1368end:
1363 if (!result) 1369 if (!result)
1364 *child = device; 1370 *child = device;
1365 else { 1371 else
1366 kfree(device->pnp.cid_list); 1372 acpi_device_release(&device->dev);
1367 kfree(device);
1368 }
1369 1373
1370 return result; 1374 return result;
1371} 1375}