Commit 18f35760 authored by Hugh Dickins's avatar Hugh Dickins Committed by James Toy

acpi_device->pnp.hardware_id and unique_id are now allocated pointers,

replacing the previous arrays.  acpi_device_install_notify_handler()
oopsed on the NULL hid when probing the video device, and perhaps other
uses are vulnerable too.  So initialize those pointers to empty strings
when there is no hid or uid.  Also, free hardware_id and unique_id when
when acpi_device is going to be freed.
Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: default avatarLin Ming <ming.m.lin@intel.com>
Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 20c4c0f8
...@@ -309,6 +309,10 @@ static void acpi_device_release(struct device *dev) ...@@ -309,6 +309,10 @@ static void acpi_device_release(struct device *dev)
struct acpi_device *acpi_dev = to_acpi_device(dev); struct acpi_device *acpi_dev = to_acpi_device(dev);
kfree(acpi_dev->pnp.cid_list); kfree(acpi_dev->pnp.cid_list);
if (acpi_dev->flags.hardware_id)
kfree(acpi_dev->pnp.hardware_id);
if (acpi_dev->flags.unique_id)
kfree(acpi_dev->pnp.unique_id);
kfree(acpi_dev); kfree(acpi_dev);
} }
...@@ -1132,8 +1136,9 @@ static void acpi_device_set_id(struct acpi_device *device, ...@@ -1132,8 +1136,9 @@ static void acpi_device_set_id(struct acpi_device *device,
strcpy(device->pnp.hardware_id, hid); strcpy(device->pnp.hardware_id, hid);
device->flags.hardware_id = 1; device->flags.hardware_id = 1;
} }
} else }
device->pnp.hardware_id = NULL; if (!device->flags.hardware_id)
device->pnp.hardware_id = "";
if (uid) { if (uid) {
device->pnp.unique_id = ACPI_ALLOCATE_ZEROED(strlen (uid) + 1); device->pnp.unique_id = ACPI_ALLOCATE_ZEROED(strlen (uid) + 1);
...@@ -1141,8 +1146,9 @@ static void acpi_device_set_id(struct acpi_device *device, ...@@ -1141,8 +1146,9 @@ static void acpi_device_set_id(struct acpi_device *device,
strcpy(device->pnp.unique_id, uid); strcpy(device->pnp.unique_id, uid);
device->flags.unique_id = 1; device->flags.unique_id = 1;
} }
} else }
device->pnp.unique_id = NULL; if (!device->flags.unique_id)
device->pnp.unique_id = "";
if (cid_list || cid_add) { if (cid_list || cid_add) {
struct acpica_device_id_list *list; struct acpica_device_id_list *list;
...@@ -1357,10 +1363,8 @@ acpi_add_single_object(struct acpi_device **child, ...@@ -1357,10 +1363,8 @@ acpi_add_single_object(struct acpi_device **child,
end: end:
if (!result) if (!result)
*child = device; *child = device;
else { else
kfree(device->pnp.cid_list); acpi_device_release(&device->dev);
kfree(device);
}
return result; return result;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment