ACPI: EC: fix use-after-free
authorAdrian Bunk <bunk@kernel.org>
Wed, 24 Oct 2007 16:26:00 +0000 (18:26 +0200)
committerLen Brown <len.brown@intel.com>
Thu, 25 Oct 2007 20:38:02 +0000 (16:38 -0400)
This patch fixes a use-after-free introduced by
commit 30c08574da0ead1a47797ce028218ce5b2de61c7
(ACPI: EC: Add new query handler to list head)

Spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
drivers/acpi/ec.c

index bf60b24ebf54d3d0a5167c6e85b969e548e814d7..06b78e5e33a11b8a13a0b0874311f2bb7faf075a 100644 (file)
@@ -445,9 +445,9 @@ EXPORT_SYMBOL_GPL(acpi_ec_add_query_handler);
 
 void acpi_ec_remove_query_handler(struct acpi_ec *ec, u8 query_bit)
 {
-       struct acpi_ec_query_handler *handler;
+       struct acpi_ec_query_handler *handler, *tmp;
        mutex_lock(&ec->lock);
-       list_for_each_entry(handler, &ec->list, node) {
+       list_for_each_entry_safe(handler, tmp, &ec->list, node) {
                if (query_bit == handler->query_bit) {
                        list_del(&handler->node);
                        kfree(handler);