diff mbox series

ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_convert_to_package ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0

Message ID tencent_4A21A2865B8B0A0D12CAEBEB84708EDDB505@qq.com
State New
Headers show
Series ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_convert_to_package ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 | expand

Commit Message

xiaopeitux@foxmail.com July 18, 2024, 6:05 a.m. UTC
From: Pei Xiao <xiaopei01@kylinos.cn>

ACPI_ALLOCATE_ZEROED may fails, elements might be null and will cause
null pointer dereference later.

Link: https://github.com/acpica/acpica/commit/4d4547cf
Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
---
 drivers/acpi/acpica/dbconvert.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Rafael J. Wysocki Aug. 2, 2024, 2:52 p.m. UTC | #1
On Thu, Jul 18, 2024 at 8:12 AM <xiaopeitux@foxmail.com> wrote:
>
> From: Pei Xiao <xiaopei01@kylinos.cn>
>
> ACPI_ALLOCATE_ZEROED may fails, elements might be null and will cause
> null pointer dereference later.
>
> Link: https://github.com/acpica/acpica/commit/4d4547cf
> Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
> ---
>  drivers/acpi/acpica/dbconvert.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/acpi/acpica/dbconvert.c b/drivers/acpi/acpica/dbconvert.c
> index 2b84ac093698..8dbab6932049 100644
> --- a/drivers/acpi/acpica/dbconvert.c
> +++ b/drivers/acpi/acpica/dbconvert.c
> @@ -174,6 +174,8 @@ acpi_status acpi_db_convert_to_package(char *string, union acpi_object *object)
>         elements =
>             ACPI_ALLOCATE_ZEROED(DB_DEFAULT_PKG_ELEMENTS *
>                                  sizeof(union acpi_object));
> +       if (!elements)
> +               return (AE_NO_MEMORY);
>
>         this = string;
>         for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++) {
> --

Applied (with edited subject and changelog) as 6.12 material, thanks!
diff mbox series

Patch

diff --git a/drivers/acpi/acpica/dbconvert.c b/drivers/acpi/acpica/dbconvert.c
index 2b84ac093698..8dbab6932049 100644
--- a/drivers/acpi/acpica/dbconvert.c
+++ b/drivers/acpi/acpica/dbconvert.c
@@ -174,6 +174,8 @@  acpi_status acpi_db_convert_to_package(char *string, union acpi_object *object)
 	elements =
 	    ACPI_ALLOCATE_ZEROED(DB_DEFAULT_PKG_ELEMENTS *
 				 sizeof(union acpi_object));
+	if (!elements)
+		return (AE_NO_MEMORY);
 
 	this = string;
 	for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++) {