From 4b6e16cf2bacbf328535097fa74f1494b1873c54 Mon Sep 17 00:00:00 2001 From: Bob Moore Date: Thu, 10 Apr 2008 19:06:37 +0400 Subject: ACPICA: Avoid use of invalid pointers in returned object field During operand evaluation, ensure that the ReturnObj field is cleared on error and only valid pointers are stored there. Signed-off-by: Bob Moore Signed-off-by: Alexey Starikovskiy Signed-off-by: Len Brown --- drivers/acpi/executer/exoparg2.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'drivers/acpi/executer/exoparg2.c') diff --git a/drivers/acpi/executer/exoparg2.c b/drivers/acpi/executer/exoparg2.c index 17e652e65379..81c02b12d3f2 100644 --- a/drivers/acpi/executer/exoparg2.c +++ b/drivers/acpi/executer/exoparg2.c @@ -241,10 +241,6 @@ acpi_status acpi_ex_opcode_2A_2T_1R(struct acpi_walk_state *walk_state) goto cleanup; } - /* Return the remainder */ - - walk_state->result_obj = return_desc1; - cleanup: /* * Since the remainder is not returned indirectly, remove a reference to @@ -259,6 +255,12 @@ acpi_status acpi_ex_opcode_2A_2T_1R(struct acpi_walk_state *walk_state) acpi_ut_remove_reference(return_desc1); } + /* Save return object (the remainder) on success */ + + else { + walk_state->result_obj = return_desc1; + } + return_ACPI_STATUS(status); } @@ -490,6 +492,7 @@ acpi_status acpi_ex_opcode_2A_1T_1R(struct acpi_walk_state *walk_state) if (ACPI_FAILURE(status)) { acpi_ut_remove_reference(return_desc); + walk_state->result_obj = NULL; } return_ACPI_STATUS(status); @@ -583,8 +586,6 @@ acpi_status acpi_ex_opcode_2A_0T_1R(struct acpi_walk_state *walk_state) return_desc->integer.value = ACPI_INTEGER_MAX; } - walk_state->result_obj = return_desc; - cleanup: /* Delete return object on error */ @@ -593,5 +594,11 @@ acpi_status acpi_ex_opcode_2A_0T_1R(struct acpi_walk_state *walk_state) acpi_ut_remove_reference(return_desc); } + /* Save return object on success */ + + else { + walk_state->result_obj = return_desc; + } + return_ACPI_STATUS(status); } -- cgit v1.2.2