Commit 98934def authored by William Lee Irwin III's avatar William Lee Irwin III Committed by Len Brown

ACPI: video_device_list corruption

The ->cap fields of struct acpi_video_device and struct acpi_video_bus
are 1B each, not 4B. The oversized memset()'s corrupted the subsequent
list_head fields. This resulted in silent corruption without
CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass
the proper bounds to the memset() calls and thereby correct the bugs.
Signed-off-by: default avatarWilliam Irwin <wli@holomorphy.com>
Acked-by: default avatarMikael Pettersson <mikpe@it.uu.se>
Signed-off-by: default avatarLen Brown <len.brown@intel.com>
parent da8cadb3
...@@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device) ...@@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device)
struct acpi_video_device_brightness *br = NULL; struct acpi_video_device_brightness *br = NULL;
memset(&device->cap, 0, 4); memset(&device->cap, 0, sizeof(device->cap));
if (ACPI_SUCCESS(acpi_get_handle(device->dev->handle, "_ADR", &h_dummy1))) { if (ACPI_SUCCESS(acpi_get_handle(device->dev->handle, "_ADR", &h_dummy1))) {
device->cap._ADR = 1; device->cap._ADR = 1;
...@@ -697,7 +697,7 @@ static void acpi_video_bus_find_cap(struct acpi_video_bus *video) ...@@ -697,7 +697,7 @@ static void acpi_video_bus_find_cap(struct acpi_video_bus *video)
{ {
acpi_handle h_dummy1; acpi_handle h_dummy1;
memset(&video->cap, 0, 4); memset(&video->cap, 0, sizeof(video->cap));
if (ACPI_SUCCESS(acpi_get_handle(video->device->handle, "_DOS", &h_dummy1))) { if (ACPI_SUCCESS(acpi_get_handle(video->device->handle, "_DOS", &h_dummy1))) {
video->cap._DOS = 1; video->cap._DOS = 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment