From d9debf4714e309c46d37e11d73f3eef7bdff67ff Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: <410c2f0190f74c35505beda6ff3f2da7819f8bac.1164352285.git.len.brown@intel.com> References: <410c2f0190f74c35505beda6ff3f2da7819f8bac.1164352285.git.len.brown@intel.com> From: Robert Moore Date: Tue, 14 Nov 2006 20:06:06 +0300 Subject: [PATCH 46/65] ACPICA: Fix for possible memory leak and fault. Reply-To: Len Brown Organization: Intel Open Source Technology Center Fixed a possible memory leak and fault in acpi_ex_resolve_object_to_value() during a read from a buffer or region field. (BZ 458) Signed-off-by: Bob Moore Signed-off-by: Alexey Starikovskiy Signed-off-by: Len Brown --- drivers/acpi/executer/exresolv.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/acpi/executer/exresolv.c b/drivers/acpi/executer/exresolv.c index 6499de8..fa17f55 100644 --- a/drivers/acpi/executer/exresolv.c +++ b/drivers/acpi/executer/exresolv.c @@ -141,7 +141,7 @@ acpi_ex_resolve_object_to_value(union ac acpi_status status = AE_OK; union acpi_operand_object *stack_desc; void *temp_node; - union acpi_operand_object *obj_desc; + union acpi_operand_object *obj_desc = NULL; u16 opcode; ACPI_FUNCTION_TRACE(ex_resolve_object_to_value); @@ -299,8 +299,6 @@ acpi_ex_resolve_object_to_value(union ac status = acpi_ds_get_package_arguments(stack_desc); break; - /* These cases may never happen here, but just in case.. */ - case ACPI_TYPE_BUFFER_FIELD: case ACPI_TYPE_LOCAL_REGION_FIELD: case ACPI_TYPE_LOCAL_BANK_FIELD: @@ -314,6 +312,10 @@ acpi_ex_resolve_object_to_value(union ac status = acpi_ex_read_data_from_field(walk_state, stack_desc, &obj_desc); + + /* Remove a reference to the original operand, then override */ + + acpi_ut_remove_reference(*stack_ptr); *stack_ptr = (void *)obj_desc; break; -- 1.4.4.1