From ad4ae3829374037d6c24ac8e819983323de6f244 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Mon, 16 Nov 2015 14:20:25 +0000
Subject: [PATCH] [ACPI] - Addendum to r69867: free device info pointer at the end of acpi_bus_add to avoid use after free. Powered by Special Pool

svn path=/trunk/; revision=69899
---
 reactos/drivers/bus/acpi/busmgr/bus.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/reactos/drivers/bus/acpi/busmgr/bus.c b/reactos/drivers/bus/acpi/busmgr/bus.c
index cd0e379d5c4..a336f4b074e 100644
--- a/reactos/drivers/bus/acpi/busmgr/bus.c
+++ b/reactos/drivers/bus/acpi/busmgr/bus.c
@@ -1138,7 +1138,7 @@ acpi_bus_add (
 struct acpi_device *device = NULL;
 char bus_id[5] = {'?',0};
 ACPI_BUFFER buffer;
- ACPI_DEVICE_INFO *info;
+ ACPI_DEVICE_INFO *info = NULL;
 char *hid = NULL;
 char *uid = NULL;
 ACPI_PNP_DEVICE_ID_LIST *cid_list = NULL;
@@ -1248,6 +1248,7 @@ acpi_bus_add (
 ACPI_DEBUG_PRINT((ACPI_DB_ERROR,
 "Error reading device info\n"));
 result = AE_NOT_FOUND;
+ info = NULL;
 goto end;
 }
 if (info->Valid & ACPI_VALID_HID)
@@ -1266,7 +1267,6 @@ acpi_bus_add (
 device->pnp.bus_address = info->Address;
 device->flags.bus_address = 1;
 }
- ACPI_FREE(info);
 break;
 case ACPI_BUS_TYPE_POWER:
 hid = ACPI_POWER_HID;
@@ -1427,6 +1427,8 @@ acpi_bus_add (
 acpi_bus_find_driver(device);

 end:
+ if (info != NULL)
+ ACPI_FREE(info);
 if (result) {
 if (device->pnp.cid_list) {
 ExFreePoolWithTag(device->pnp.cid_list, 'DpcA');
-- 
2.17.1
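Review bot: The `info = NULL;` added on the failure branch (second hunk) assumes that the call filling `info`, which sits above the hunk, never leaves an owned buffer behind when it fails. If it can, this assignment turns the failure path into a leak; if it cannot, the assignment only repeats the `= NULL` initialiser from the first hunk. A one-line comment would settle the question for the next reader, for example `/* info is not valid after a failed lookup; keep end: from freeing it */`. The enclosing `if` block starts outside the hunk.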
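Review bot: The `ACPI_FREE(info)` now placed after the `end:` label (last hunk) is safe only while nothing that outlives acpi_bus_add keeps a pointer into `info`, and the new code does not state that invariant anywhere. The commit message implies that `hid`, `uid` or `cid_list` referenced the buffer after the old in-case free; the code that consumes them lies between the hunks, so I am assuming they are copied into `device->pnp` before `end:` is reached, which is worth confirming. I would add a comment above the free, `/* hid, uid and cid_list may point into info; free it only after they have been copied */`, and brace the `if` to match the `if (result) {` block that follows. The function body continues outside the hunk.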