Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp133995ybm; Tue, 26 May 2020 12:37:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxh3fiO3Lhcu5cGHUJRhUhNmcNo180oUw+am4IWfz/t06cJ7/Z566pkRq0QVqtxNNBcPfOa X-Received: by 2002:a17:906:4eda:: with SMTP id i26mr2613142ejv.228.1590521820451; Tue, 26 May 2020 12:37:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590521820; cv=none; d=google.com; s=arc-20160816; b=fS2iObhYI3fRV/q8EEAxoPUXZBZOCvbghEo2Rq+aDDSA1TLAMLlPgs8wsGQLx7z7KM Q/ll9WeQFK2VKnRoptsPREH1JOvj7NMTYOffenGQIlW6rO+wsgMyuRuu98FlUHuvVGTp QZqlziXsDZI2ib8oLXglJ9b4Xx1YXfBONzmN9b+R7d7StjwfbDZZ9LJM7H2YywwLeyWc TJwcr8xuZtaF5hIetjpun3nBtQ5uY05X3XD+HZrYeFIm0PxTX/7+PYMwk2Ic86zW6SfQ chiw2+EtsxfiHAnz9szn8Mu5/uKJt7M9zwWVH1xh7Kr8IjFP5/+52hQm9vML1vkLWxI+ xbsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=n3RogoaiA9J3OAnds2RY8X2JfOHpyJ2BrQpbxwQsZcU=; b=d2QUEP81EFX0QIX1LPYBTdWLt+nH6oQ7F1FS5z0a2OmDCOP+VCwPy75tlvCEdHDWz+ /GNEN5o1LAWWPqbx/8EngLydLzxyVh8ufPYycsOM5KARWC2Jlj7xIvZ+4hG3heBV9bCr 0q+oPZl/IBHnUNwk2Sz5bviSq+V0GryvnM7YcFoKnAImPBYZRLiupuEEOXJv0C49hBuT WyexP0kiiCfGrRSE8htXZ3cMOZFc1Byte/8EpEWLycRAhISFZJucutWU4glrK/8unf+R 7F6WWoSI/fARxPvsn6RoH9mhY5igx6PuIXyvUSI24bHQu6GbP6eLdVgIScCj8T/EuCuL hVJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=B5HeTyAg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j17si480153edh.365.2020.05.26.12.36.37; Tue, 26 May 2020 12:37:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=B5HeTyAg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404330AbgEZTdy (ORCPT + 99 others); Tue, 26 May 2020 15:33:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:48306 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389644AbgEZSzs (ORCPT ); Tue, 26 May 2020 14:55:48 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 46B7A208B3; Tue, 26 May 2020 18:55:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1590519347; bh=ICYSVU/X9xqeXGvBRFzKeQSNfyqQXJbdXb38mcw1iL0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B5HeTyAgALG5GEYjxBPkuP8g0c4WFEjjZeEz9R1GQo6AhOLXL9h7cuFrl0bMJHjdM SPqStbq9kXEsNBKgHrdavN67cVni1u5VBgPSpUVaa2l30sgegJ61fRShh/Y1VT/Mrv 7eIKiCr5dmZSgt1OVprSXXAEEIp8C+b4VX0GXhVc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , "Darren Hart (VMware)" Subject: [PATCH 4.4 32/65] platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer Date: Tue, 26 May 2020 20:52:51 +0200 Message-Id: <20200526183917.810880502@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200526183905.988782958@linuxfoundation.org> References: <20200526183905.988782958@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King commit 98e2630284ab741804bd0713e932e725466f2f84 upstream. Currently the kfree of output.pointer can be potentially freeing an uninitalized pointer in the case where out_data is NULL. Fix this by reworking the case where out_data is not-null to perform the ACPI status check and also the kfree of outpoint.pointer in one block and hence ensuring the pointer is only freed when it has been used. Also replace the if (ptr != NULL) idiom with just if (ptr). Fixes: ff0e9f26288d ("platform/x86: alienware-wmi: Correct a memory leak") Signed-off-by: Colin Ian King Signed-off-by: Darren Hart (VMware) Signed-off-by: Greg Kroah-Hartman --- drivers/platform/x86/alienware-wmi.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) --- a/drivers/platform/x86/alienware-wmi.c +++ b/drivers/platform/x86/alienware-wmi.c @@ -449,23 +449,22 @@ static acpi_status alienware_hdmi_comman input.length = (acpi_size) sizeof(*in_args); input.pointer = in_args; - if (out_data != NULL) { + if (out_data) { output.length = ACPI_ALLOCATE_BUFFER; output.pointer = NULL; status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, command, &input, &output); - } else + if (ACPI_SUCCESS(status)) { + obj = (union acpi_object *)output.pointer; + if (obj && obj->type == ACPI_TYPE_INTEGER) + *out_data = (u32)obj->integer.value; + } + kfree(output.pointer); + } else { status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, command, &input, NULL); - - if (ACPI_SUCCESS(status) && out_data != NULL) { - obj = (union acpi_object *)output.pointer; - if (obj && obj->type == ACPI_TYPE_INTEGER) - *out_data = (u32) obj->integer.value; } - kfree(output.pointer); return status; - } static ssize_t show_hdmi_cable(struct device *dev,