    hp-wmi: fix use after free · 0401846c
    Eric Dumazet authored
    [  191.310008] WARNING: kmemcheck: Caught 32-bit read from freed memory (f0d25f14)
    [  191.310011] c056d2f088000000105fd2f00000000050415353040000000000000000000000
    [  191.310020]  i i i i f f f f f f f f f f f f f f f f f f f f f f f f f f f f
    [  191.310027]                                          ^
    [  191.310029]
    [  191.310032] Pid: 737, comm: modprobe Not tainted 3.0.0-rc5+ #268 Hewlett-Packard HP Compaq 6005 Pro SFF PC/3047h
    [  191.310036] EIP: 0060:[<f80b3104>] EFLAGS: 00010286 CPU: 0
    [  191.310039] EIP is at hp_wmi_perform_query+0x104/0x150 [hp_wmi]
    [  191.310041] EAX: f0d25601 EBX: f0d25f00 ECX: 000121cf EDX: 000121ce
    [  191.310043] ESI: f0d25f10 EDI: f0f97ea8 EBP: f0f97ec4 ESP: c173f34c
    [  191.310045]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
    [  191.310046] CR0: 8005003b CR2: f540c000 CR3: 30f30000 CR4: 000006d0
    [  191.310048] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
    [  191.310050] DR6: ffff4ff0 DR7: 00000400
    [  191.310051]  [<f80b317b>] hp_wmi_dock_state+0x2b/0x40 [hp_wmi]
    [  191.310054]  [<f80b6093>] hp_wmi_init+0x93/0x1a8 [hp_wmi]
    [  191.310057]  [<c10011f0>] do_one_initcall+0x30/0x170
    [  191.310061]  [<c107ab9f>] sys_init_module+0xef/0x1a60
    [  191.310064]  [<c149f998>] sysenter_do_call+0x12/0x28
    [  191.310067]  [<ffffffff>] 0xffffffff
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: Matthew Garrett <mjg@redhat.com>
hp-wmi.c 22.1 KB