From: Colin Ian King <[email protected]>
acpi_pcc_hotkey_remove sanity checks to see if device is null, however,
this check is performed after we have already passed device into a call
to acpi_driver_data. If device is null, then acpi_driver_data will produce
a null pointer dereference on device. The correct action is to sanity check
device, then assign pcc, then check if pcc is null.
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/platform/x86/panasonic-laptop.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c
index 3f87097..39c1ebc 100644
--- a/drivers/platform/x86/panasonic-laptop.c
+++ b/drivers/platform/x86/panasonic-laptop.c
@@ -651,9 +651,13 @@ out_hotkey:
static int acpi_pcc_hotkey_remove(struct acpi_device *device)
{
- struct pcc_acpi *pcc = acpi_driver_data(device);
+ struct pcc_acpi *pcc;
+
+ if (!device)
+ return -EINVAL;
- if (!device || !pcc)
+ pcc = acpi_driver_data(device);
+ if (!pcc)
return -EINVAL;
sysfs_remove_group(&device->dev.kobj, &pcc_attr_group);
--
2.7.4
On Mon, Mar 28, 2016 at 05:26:12PM +0100, Colin King wrote:
> Signed-off-by: Colin Ian King <[email protected]>
Acked-by: Harald Welte <[email protected]>
--
- Harald Welte <[email protected]> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)