ACPICA commit eaa455accf165fee2df26410e271aab162264f6c UBSAN reports an index out of range use in dsutils.c. acpi_db_display_argument_object( walk_state->operands[walk_state->num_operands - 1], ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ walk_state); This call was simply wrong, generated redundant debugger messages, and resulted in a -1 index into the operand stack. Linux kernel bug #120351 (link #1) and #194845 (link #2). Originally fixed by Navin P.S. (link #1, comment 8), refined by Lv Zheng (link #3). Link: https://bugzilla.kernel.org/show_bug.cgi?id=120351 [#1] Link: https://bugzilla.kernel.org/show_bug.cgi?id=194845 [#2] Link: https://github.com/acpica/acpica/pull/245 [#3] Link: https://github.com/acpica/acpica/commit/eaa455ac Reported-by: Wilfried Klaebe <linux-kernel@xxxxxxxxxxxxxxxxxxxxxxxxxx> Reported-by: Ronald Warsow <rwarsow@xxxxxx> Original-by: Navin P.S. <navinp1912@xxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Signed-off-by: Lv Zheng <lv.zheng@xxxxxxxxx> Signed-off-by: Bob Moore <robert.moore@xxxxxxxxx> --- drivers/acpi/acpica/dsutils.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index 406edec..0dabd9b 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -633,15 +633,6 @@ acpi_ds_create_operand(struct acpi_walk_state *walk_state, if ((op_info->flags & AML_HAS_RETVAL) || (arg->common.flags & ACPI_PARSEOP_IN_STACK)) { - ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH, - "Argument previously created, already stacked\n")); - - acpi_db_display_argument_object(walk_state-> - operands[walk_state-> - num_operands - - 1], - walk_state); - /* * Use value that was already previously returned * by the evaluation of this argument -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
