summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2020-06-29 16:18:37 -0600
committerPatrick Georgi <pgeorgi@google.com>2020-07-01 04:52:47 +0000
commit8bfa51e4c485ec85c872254a4cf724a40554370f (patch)
tree80dfb8b558d680ef1b5558d40683a75f2ce92813
parent84b9653b38fd4653cd094105150d1e11b3f3ecdb (diff)
acpi: Avoid freeing a device twice
The current implementation of acpi_dp_write() frees the node after it has written it. If the structure contains a ACPI_DP_TYPE_CHILD then a recursive call to acpi_dp_write() frees the child and then frees it again when returning from the call. This results in a double free. Split the implementation into two steps, one that ones and one that frees. This is easier to understand and fixes the bug. Note: This likely has no effect in coreboot since it doesn't seem to have a proper free() implementation. But it might gain one one day. BUG=none Signed-off-by: Simon Glass <sjg@chromium.org> Change-Id: Ife3917af10bc35a3c3eee38d8292f927ef15409d Reviewed-on: https://review.coreboot.org/c/coreboot/+/42892 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
-rw-r--r--src/acpi/device.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/acpi/device.c b/src/acpi/device.c
index 9ce86ebdbf..b119abd61f 100644
--- a/src/acpi/device.c
+++ b/src/acpi/device.c
@@ -770,7 +770,7 @@ static bool acpi_dp_write_properties(struct acpi_dp *prop, const char *uuid)
return false;
}
-void acpi_dp_write(struct acpi_dp *table)
+static void acpi_dp_write_(struct acpi_dp *table)
{
struct acpi_dp *dp, *prop;
char *dp_count;
@@ -826,7 +826,12 @@ void acpi_dp_write(struct acpi_dp *table)
/* Recursively parse children into separate tables */
for (dp = prop; dp; dp = dp->next)
if (dp->type == ACPI_DP_TYPE_CHILD)
- acpi_dp_write(dp->child);
+ acpi_dp_write_(dp->child);
+}
+
+void acpi_dp_write(struct acpi_dp *table)
+{
+ acpi_dp_write_(table);
/* Clean up */
acpi_dp_free(table);