ACPICA commit 9061cd9aa131205657c811a52a9f8325a040c6c9

Errors in acpi_evaluate_object() can lead to incorrect state of buffer.

This can lead to access to data in previously ACPI_FREEd buffer and
secondary ACPI_FREE to the same buffer later.

Handle errors in acpi_evaluate_object the same way it is done earlier
with acpi_ns_handle_to_pathname.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Link: https://github.com/acpica/acpica/commit/9061cd9a
Fixes: 5fd033288a86 ("ACPICA: debugger: add command to dump all fields of particular subtype")
Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

ACPI_FREE(buffer.pointer);
buffer.length = ACPI_ALLOCATE_LOCAL_BUFFER;
- acpi_evaluate_object(obj_handle, NULL, NULL, &buffer);
-
+ status = acpi_evaluate_object(obj_handle, NULL, NULL, &buffer);
+ if (ACPI_FAILURE(status)) {
+ acpi_os_printf("Could Not evaluate object %p\n",
+ obj_handle);
+ return (AE_OK);
+ }
/*
* Since this is a field unit, surround the output in braces
*/
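
Review bot: In the new ACPI_FAILURE(status) branch, the error is reported without its status value and then `return (AE_OK);` discards it, so neither the debugger output nor the caller can tell why evaluation failed. Include the reason in the message (acpi_format_exception(status) gives a printable string) and add a short comment stating that AE_OK is returned on purpose, if the intent is to carry on with the remaining objects. Separately, the context line `ACPI_FREE(buffer.pointer);` leaves buffer.pointer holding the freed address going into the call; setting it to NULL directly after the free would make the stale-pointer case harmless even for a later code path that misses this check. Minor style point: "Could Not evaluate" has inconsistent capitalisation unless it deliberately mirrors an existing message in the file.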