ACPICA: Fix for access to deleted object <regression>
authorBob Moore <robert.moore@intel.com>
Tue, 10 Jun 2008 06:29:26 +0000 (14:29 +0800)
committerLen Brown <len.brown@intel.com>
Wed, 11 Jun 2008 23:13:47 +0000 (19:13 -0400)
Fixes problem introduced in 20080123, with fix for Unload operator.
Parse tree object can be already deleted; must use the opcode
within the WalkState.

ACPI: kmemcheck: Caught 16-bit read from freed memory
http://bugzilla.kernel.org/show_bug.cgi?id=10669

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
drivers/acpi/parser/psargs.c

index f1e8bf65e24e82aa0db7d4a33da9241494d3aaf7..e94463778845567ce02f6494fb9580bf2da85512 100644 (file)
@@ -268,7 +268,7 @@ acpi_ps_get_next_namepath(struct acpi_walk_state *walk_state,
         */
        if (ACPI_SUCCESS(status) &&
            possible_method_call && (node->type == ACPI_TYPE_METHOD)) {
-               if (walk_state->op->common.aml_opcode == AML_UNLOAD_OP) {
+               if (walk_state->opcode == AML_UNLOAD_OP) {
                        /*
                         * acpi_ps_get_next_namestring has increased the AML pointer,
                         * so we need to restore the saved AML pointer for method call.
@@ -691,7 +691,7 @@ acpi_ps_get_next_arg(struct acpi_walk_state *walk_state,
 
                        /* To support super_name arg of Unload */
 
-                       if (walk_state->op->common.aml_opcode == AML_UNLOAD_OP) {
+                       if (walk_state->opcode == AML_UNLOAD_OP) {
                                status =
                                    acpi_ps_get_next_namepath(walk_state,
                                                              parser_state, arg,