On Fri, Jul 15, 2016 at 1:12 AM, Haozhong Zhang <haozhong.zhang@xxxxxxxxx> wrote: > On 07/15/16 15:55, Haozhong Zhang wrote: >> On 07/14/16 20:28, Dan Williams wrote: >> > acpi_evaluate_object() allocates memory. Free the buffer allocated >> > during acpi_nfit_add(). >> > >> > Cc: <stable@xxxxxxxxxxxxxxx> >> > Cc: Vishal Verma <vishal.l.verma@xxxxxxxxx> >> > Reported-by: Xiao Guangrong <guangrong.xiao@xxxxxxxxx> >> > Reported-by: Haozhong Zhang <haozhong.zhang@xxxxxxxxx> >> > Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx> >> > --- >> > drivers/acpi/nfit.c | 7 +++++-- >> > 1 file changed, 5 insertions(+), 2 deletions(-) >> > >> > diff --git a/drivers/acpi/nfit.c b/drivers/acpi/nfit.c >> > index 0497175ee6cb..008dbaaa2b75 100644 >> > --- a/drivers/acpi/nfit.c >> > +++ b/drivers/acpi/nfit.c >> > @@ -2414,12 +2414,15 @@ static int acpi_nfit_add(struct acpi_device *adev) >> > acpi_desc->nfit = >> > (struct acpi_nfit_header *)obj->buffer.pointer; >> > sz = obj->buffer.length; >> > + rc = acpi_nfit_init(acpi_desc, sz); >> > } else >> > dev_dbg(dev, "%s invalid type %d, ignoring _FIT\n", >> > __func__, (int) obj->type); >> >> 'rc' is not set in this path, so it maybe used uninitialized by 'if (rc)' below. >> Should we set it to a non-zero value in this path? > > 'rc' should be set to 0 here, as what patch 2 does. Sorry for my mistake. No, this is good feedback because patch1 is targeted for -stable. Will fix, thanks! -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html