Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / f953529f3b659a72c0982c2cf195158db96361f1^! / . / drivers / acpi / acpica / nsobject.c
commitf953529f3b659a72c0982c2cf195158db96361f1[log] [tgz]
authorBob Moore <robert.moore@intel.com>Wed Feb 26 10:33:47 2014 +0800
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>Tue Mar 18 01:52:18 2014 +0100
tree48eeb4fe487c2c0c82add70e8b71edea9a14f37d
parenta487af33a4f0f5ced860ab18c4a740b97b435a3e [diff] [blame]
ACPICA: Prevent infinite loops when traversing corrupted lists.

This change hardens the ACPICA code to detect circular linked object
lists and prevent an infinite loop if such corruption exists.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c
index 32845b1..fe54a8c 100644
--- a/drivers/acpi/acpica/nsobject.c
+++ b/drivers/acpi/acpica/nsobject.c

@@ -222,13 +222,19 @@
 		}
 	}
 
-	/* Clear the entry in all cases */
+	/* Clear the Node entry in all cases */
 
 	node->object = NULL;
 	if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) == ACPI_DESC_TYPE_OPERAND) {
+
+		/* Unlink object from front of possible object list */
+
 		node->object = obj_desc->common.next_object;
+
+		/* Handle possible 2-descriptor object */
+
 		if (node->object &&
-		    ((node->object)->common.type != ACPI_TYPE_LOCAL_DATA)) {
+		    (node->object->common.type != ACPI_TYPE_LOCAL_DATA)) {
 			node->object = node->object->common.next_object;
 		}
 	}