[PATCH] iio: inv_mpu6050: Fix use-after-free in ACPI code

From: Crestez Dan Leonard
Date: Fri Jun 03 2016 - 14:30:57 EST

Next message: Oleg Drokin: "Re: Dcache oops"
Previous message: Borislav Petkov: "Re: [PATCH] hwmon: (fam15h_power) Disable preemption when reading registers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some cases this can result in incorrectly returning a negative value
from asus_acpi_get_sensor_info and the AK8963 magnetometer failing to
show up.

Cc: Srinivas Pandruvada <srinivas.pandruvada@xxxxxxxxxxxxxxx>
Signed-off-by: Crestez Dan Leonard <leonard.crestez@xxxxxxxxx>
---
drivers/iio/imu/inv_mpu6050/inv_mpu_acpi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_acpi.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_acpi.c
index 2771106..f770472 100644
--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_acpi.c
+++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_acpi.c
@@ -56,6 +56,7 @@ static int asus_acpi_get_sensor_info(struct acpi_device *adev,
int i;
acpi_status status;
union acpi_object *cpm;
+ int ret;

status = acpi_evaluate_object(adev->handle, "CNF0", NULL, &buffer);
if (ACPI_FAILURE(status))
@@ -82,10 +83,10 @@ static int asus_acpi_get_sensor_info(struct acpi_device *adev,
}
}
}
-
+ ret = cpm->package.count;
kfree(buffer.pointer);

- return cpm->package.count;
+ return ret;
}

static int acpi_i2c_check_resource(struct acpi_resource *ares, void *data)
--
2.5.5

Next message: Oleg Drokin: "Re: Dcache oops"
Previous message: Borislav Petkov: "Re: [PATCH] hwmon: (fam15h_power) Disable preemption when reading registers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]