On Wed, Jun 14, 2023 at 6:21 PM Chenyuan Mi <cymi20@xxxxxxxxxxxx> wrote:
>
> The acpi_ns_get_attached_object() function may return
> NULL, which may cause null pointer deference, and most
> other callsites of acpi_ns_get_attached_object() do
> Null check. Add Null check for return value of
> acpi_ns_get_attached_object().
But may acpi_ex_prep_field_value() be called in a code path where
acpi_ns_get_attached_object(i) can return NULL?
I mean, if the given attached object is guaranteed to exist when this
function is called, NULL will not be returned, so the new check will
be redundant then.
> Found by our static analysis tool.
>
> Signed-off-by: Chenyuan Mi <cymi20@xxxxxxxxxxxx>
> ---
> drivers/acpi/acpica/exprep.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/acpi/acpica/exprep.c b/drivers/acpi/acpica/exprep.c
> index 08196fa17080..d9c006ec1ac8 100644
> --- a/drivers/acpi/acpica/exprep.c
> +++ b/drivers/acpi/acpica/exprep.c
> @@ -431,6 +431,13 @@ acpi_status acpi_ex_prep_field_value(struct acpi_create_field_info *info)
> obj_desc->field.region_obj =
> acpi_ns_get_attached_object(info->region_node);
>
> + if (!obj_desc->field.region_obj) {
> + ACPI_ERROR((AE_INFO,
> + "Null Region Object during field prep"));
> + acpi_ut_delete_object_desc(obj_desc);
> + return_ACPI_STATUS(AE_AML_INTERNAL);
> + }
> +
> /* Fields specific to generic_serial_bus fields */
>
> obj_desc->field.access_length = info->access_length;
> --
> 2.17.1
>
