* [PATCH] ACPICA: fixup after acpi_get_object_info() change
@ 2009-08-31 22:20 Bjorn Helgaas
2009-08-31 22:22 ` Bjorn Helgaas
0 siblings, 1 reply; 2+ messages in thread
From: Bjorn Helgaas @ 2009-08-31 22:20 UTC (permalink / raw)
To: Len Brown; +Cc: linux-acpi
Commit 15b8dd53f5ffa changed info->hardware_id from a static array to
a pointer. If hardware_id is non-NULL, it points to a NULL-terminated
string, so we don't need to terminate it explicitly. However, it may
be NULL; in that case, we *can't* add a NULL terminator.
This causes a NULL pointer dereference oops for devices without _HID.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
CC: Lin Ming <ming.m.lin@intel.com>
CC: Bob Moore <robert.moore@intel.com>
CC: Gary Hade <garyhade@us.ibm.com>
---
drivers/pci/hotplug/acpiphp_ibm.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
index a9d926b..e7be66d 100644
--- a/drivers/pci/hotplug/acpiphp_ibm.c
+++ b/drivers/pci/hotplug/acpiphp_ibm.c
@@ -406,7 +406,6 @@ static acpi_status __init ibm_find_acpi_device(acpi_handle handle,
__func__, status);
return retval;
}
- info->hardware_id.string[sizeof(info->hardware_id.length) - 1] = '\0';
if (info->current_status && (info->valid & ACPI_VALID_HID) &&
(!strcmp(info->hardware_id.string, IBM_HARDWARE_ID1) ||
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ACPICA: fixup after acpi_get_object_info() change
2009-08-31 22:20 [PATCH] ACPICA: fixup after acpi_get_object_info() change Bjorn Helgaas
@ 2009-08-31 22:22 ` Bjorn Helgaas
0 siblings, 0 replies; 2+ messages in thread
From: Bjorn Helgaas @ 2009-08-31 22:22 UTC (permalink / raw)
To: Len Brown; +Cc: linux-acpi, Lin Ming, Bob Moore, Gary Hade
Oops, I meant to CC you guys, but forgot. 15b8dd53f5ffa is in
acpi-test, but not upstream yet.
On Monday 31 August 2009 04:20:00 pm Bjorn Helgaas wrote:
> Commit 15b8dd53f5ffa changed info->hardware_id from a static array to
> a pointer. If hardware_id is non-NULL, it points to a NULL-terminated
> string, so we don't need to terminate it explicitly. However, it may
> be NULL; in that case, we *can't* add a NULL terminator.
>
> This causes a NULL pointer dereference oops for devices without _HID.
>
> Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
> CC: Lin Ming <ming.m.lin@intel.com>
> CC: Bob Moore <robert.moore@intel.com>
> CC: Gary Hade <garyhade@us.ibm.com>
> ---
> drivers/pci/hotplug/acpiphp_ibm.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
> index a9d926b..e7be66d 100644
> --- a/drivers/pci/hotplug/acpiphp_ibm.c
> +++ b/drivers/pci/hotplug/acpiphp_ibm.c
> @@ -406,7 +406,6 @@ static acpi_status __init ibm_find_acpi_device(acpi_handle handle,
> __func__, status);
> return retval;
> }
> - info->hardware_id.string[sizeof(info->hardware_id.length) - 1] = '\0';
>
> if (info->current_status && (info->valid & ACPI_VALID_HID) &&
> (!strcmp(info->hardware_id.string, IBM_HARDWARE_ID1) ||
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-08-31 22:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-31 22:20 [PATCH] ACPICA: fixup after acpi_get_object_info() change Bjorn Helgaas
2009-08-31 22:22 ` Bjorn Helgaas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox